<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:25:51 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-3131] Use https for maven.k-int.com</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-3131</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;&lt;b&gt;Task:&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;Replace http by https for maven.k-int.com, fixing MitM vulnerability&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Steps to Reproduce:&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://github.com/folio-org/mod-licenses/blob/v3.1.0/service/build.gradle#L32&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/mod-agreements/blob/v4.0.1/service/build.gradle#L32&lt;/a&gt;&lt;br/&gt;
&lt;a href=&quot;https://github.com/folio-org/mod-service-interaction/blob/8e75dd35b3c064c4d0e161c859d28417fc77ce17/service/build.gradle#L50&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/mod-service-interaction/blob/8e75dd35b3c064c4d0e161c859d28417fc77ce17/service/build.gradle#L50&lt;/a&gt;&lt;br/&gt;
&lt;a href=&quot;https://github.com/folio-org/mod-service-interaction/blob/8e75dd35b3c064c4d0e161c859d28417fc77ce17/service/build.gradle#L54&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/mod-service-interaction/blob/8e75dd35b3c064c4d0e161c859d28417fc77ce17/service/build.gradle#L54&lt;/a&gt;&lt;br/&gt;
&lt;a href=&quot;https://github.com/folio-org/mod-licenses/blob/v3.1.0/service/build.gradle#L32&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/mod-licenses/blob/v3.1.0/service/build.gradle#L32&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;contain this entry:&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
repositories {
  ...
  maven { url &lt;span class=&quot;code-quote&quot;&gt;&quot;http:&lt;span class=&quot;code-comment&quot;&gt;//maven.k-&lt;span class=&quot;code-object&quot;&gt;int&lt;/span&gt;.com/content/repositories/releases&quot;&lt;/span&gt; }
&lt;/span&gt;}
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;Unencrypted http is used.&lt;/p&gt;

&lt;p&gt;This allows an attacker to run a Machine-in-the-Middle (MitM) attack that replaces the content by malware.&lt;/p&gt;

&lt;p&gt;Such attacks against unencrypted maven repositories are well-known since 2019:&lt;br/&gt;
 &lt;a href=&quot;https://github.com/github/securitylab/issues/21&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/github/securitylab/issues/21&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;For this reason maven disabled unencrypted http by default since 2021:&lt;br/&gt;
 &lt;a href=&quot;https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291&lt;/a&gt;&lt;/p&gt;</description>
                <environment></environment>
        <key id="82068">FOLIO-3131</key>
            <summary>Use https for maven.k-int.com</summary>
                <type id="10001" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium">Bug</type>
                                            <priority id="10005" iconUrl="https://dev.folio.org/assets/jira-priority/tbd.svg">TBD</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="-1">Unassigned</assignee>
                                                                <reporter accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</reporter>
                                    <labels>
                            <label>security</label>
                    </labels>
                <created>Fri, 23 Apr 2021 21:22:12 +0000</created>
                <updated>Fri, 14 May 2021 15:32:29 +0000</updated>
                            <resolved>Fri, 14 May 2021 15:32:22 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>1</watches>
                                                                <comments>
                                                            <comment id="197308" author="5ee89462f7aa140abd82d11d" created="Fri, 23 Apr 2021 21:36:48 +0000"  >&lt;p&gt;This is blocked by 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-3132&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-3132&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Install intermediate SSL certificate on maven.k-int.com&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium&quot; /&gt;
            FOLIO-3132
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 &quot;Install intermediate SSL certificate on maven.k-int.com&quot;.&lt;/p&gt;</comment>
                                                            <comment id="197312" author="5ee89462f7aa140abd82d11d" created="Thu, 6 May 2021 21:49:03 +0000"  >&lt;p&gt;The fix for mod-licenses has been merged, thanks! &lt;a href=&quot;https://github.com/folio-org/mod-licenses/pull/165&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/mod-licenses/pull/165&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The fixes for the two other repositories are in code review:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;&lt;a href=&quot;https://github.com/folio-org/mod-service-interaction/pull/27&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/mod-service-interaction/pull/27&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://github.com/folio-org/mod-agreements/pull/414&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/mod-agreements/pull/414&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
</comment>
                                                            <comment id="197315" author="5ee89462f7aa140abd82d11d" created="Fri, 14 May 2021 15:32:22 +0000"  >&lt;p&gt;Thanks!&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10000">
                    <name>Blocks</name>
                                                                <inwardlinks description="is blocked by">
                                        <issuelink>
            <issuekey id="82069">FOLIO-3132</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="82036">FOLIO-3106</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10141"><![CDATA[Bienenvolk]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i02n1z:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>