This means that Maven Central contains POMs with custom repositories that refer to a URL over HTTP. More and more repositories use HTTPS nowadays, but this hasn't always been the case. Possible Man-In-The-Middle-Attack due to custom repositories using HTTP We've split this up into three separate issues: We received a report from Jonathan Leitschuh about a vulnerability of custom repositories in dependency POMs. This release covers two CVEs: CVE-2021-26291 If you have any questions, please consult: Further releases of plugins will be made separately. The core release is independent of plugin releases. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting, and documentation from a central place. Maven is a software project management and comprehension tool. The Apache Maven team would like to announce the release of Maven 3.8.1.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |