Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
Unknown
Description
I did research on insecure development practises and tripped of the usage of
<url>http://svn.apache.org/repos/asf/servicemix/m2-repo</url>
in camel-script.
I checked servicemix repositories: It either contains duplicates of maven central (some with invalid poms) or original content.
Network traces while compiling camel suggest that mvn only pulls these artifacts from servicemix maven repository:
1525026026.300329 CW4Snp4aVItMFgPff9 172.17.0.2 38354 209.188.14.144 80 1 GET svn.apache.org /repos/asf/servicemix/m2-repo/org/mozilla/rhino/1.7.7.1/rhino-1.7.7.1.pom - 1.1 Apache-Maven/3.5.2 (Java 1.8.0_151; Linux 4.9.87-linuxkit-aufs) 0 270 404 Not Found - - (empty) - -Fl1CyF3Qpey4VRjMaf - text/html 1525026026.756122 CzWVcz4DWIH77Wsfg2 172.17.0.2 38356 209.188.14.144 80 1 GET svn.apache.org /repos/asf/servicemix/m2-repo/org/python/jython/2.5.3/jython-2.5.3.pom - 1.1 Apache-Maven/3.5.2 (Java 1.8.0_151; Linux 4.9.87-linuxkit-aufs) 0 267 404 Not Found - - (empty) - -FE4nRr2km9bJj89ff6 - text/html 1525026027.180905 CFlRQ818nO5cbbbsTl 172.17.0.2 38358 209.188.14.144 80 1 GET svn.apache.org /repos/asf/servicemix/m2-repo/org/codehaus/groovy/groovy-jsr223/2.4.12/groovy-jsr223-2.4.12.pom - 1.1 Apache-Maven/3.5.2 (Java 1.8.0_151; Linux 4.9.87-linuxkit-aufs) 0 292 404 Not Found - -(empty) - - - - - - F1QpLz2VRydzyYntF4 - text/html 1525026027.647593 CX5M1E1hyxPYAoyL8i 172.17.0.2 38360 209.188.14.144 80 1 GET svn.apache.org /repos/asf/servicemix/m2-repo/org/apache-extras/beanshell/bsh/2.0b6/bsh-2.0b6.pom - 1.1 Apache-Maven/3.5.2 (Java 1.8.0_151; Linux 4.9.87-linuxkit-aufs) 0 278 404 Not Found - - (empty) -FuD9RLFHEi17eOUkh - text/html 1525026028.094818 CiIO7oAUfj4tscfX5 172.17.0.2 38366 209.188.14.144 80 1 GET svn.apache.org /repos/asf/servicemix/m2-repo/org/codehaus/groovy/groovy-jsr223/2.4.12/groovy-jsr223-2.4.12.jar - 1.1 Apache-Maven/3.5.2 (Java 1.8.0_151; Linux 4.9.87-linuxkit-aufs) 0 292 404 Not Found - -(empty) - - - - - - FyVPyfu1Y3DFkNgJ2 - text/html 1525026028.099453 CUh1fW3Dl62XKXPLX2 172.17.0.2 38364 209.188.14.144 80 1 GET svn.apache.org /repos/asf/servicemix/m2-repo/org/python/jython/2.5.3/jython-2.5.3.jar - 1.1 Apache-Maven/3.5.2 (Java 1.8.0_151; Linux 4.9.87-linuxkit-aufs) 0 267 404 Not Found - - (empty) - -F7x74522BvGw3zS7Eh - text/html 1525026028.099309 ClETpU2KKP8Ne1p6yh 172.17.0.2 38362 209.188.14.144 80 1 GET svn.apache.org /repos/asf/servicemix/m2-repo/org/mozilla/rhino/1.7.7.1/rhino-1.7.7.1.jar - 1.1 Apache-Maven/3.5.2 (Java 1.8.0_151; Linux 4.9.87-linuxkit-aufs) 0 270 404 Not Found - - (empty) - -FbZ0xi2NtRzDdBk0Bb - text/html 1525026028.102116 CFCPI51JMEeZ5XVLz 172.17.0.2 38368 209.188.14.144 80 1 GET svn.apache.org /repos/asf/servicemix/m2-repo/org/apache-extras/beanshell/bsh/2.0b6/bsh-2.0b6.jar - 1.1 Apache-Maven/3.5.2 (Java 1.8.0_151; Linux 4.9.87-linuxkit-aufs) 0 278 404 Not Found - - (empty) -Fahqzk1hqZbMkcZZY5 - text/html
In a nutshell: rhino js engine, jython and beanshell. This is provided by maven central as well.
So I suggest to remove that repository here.
Will provide a patch by a github pull request
Attachments
Issue Links
- links to