AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
ShortDoorNote 3.81 for windows instal2/27/2024 This makes downloads via such repository a target for a MITM attack.Īt the same time, developers are probably not aware that for some downloads an insecure URL is being used.īecause uploaded POMs to Maven Central are immutable, a change for Maven was required. This means that Maven Central contains POMs with custom repositories that refer to a URL over HTTP. More and more repositories use HTTPS nowadays, but this hasn't always been the case. Possible Man-In-The-Middle-Attack due to custom repositories using HTTP We've split this up into three separate issues: We received a report from Jonathan Leitschuh about a vulnerability of custom repositories in dependency POMs. This release covers two CVEs: CVE-2021-26291 If you have any questions, please consult: Further releases of plugins will be made separately. The core release is independent of plugin releases. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting, and documentation from a central place. Maven is a software project management and comprehension tool. The Apache Maven team would like to announce the release of Maven 3.8.1.
0 Comments
Read More
Leave a Reply. |