Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-7118

Block external HTTP repositories by default

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.6.3
    • 3.8.1, 4.0.0-alpha-1, 4.0.0
    • None
    • None

    Description

      Downloading code from external repositories in HTTP is not a best practice: let's block that by default

      Using the 2 previously added features (MNG-7116 mirrorOf external:http:* to select repositories, and MNG-7117 to block the mirror), it can be done by adding a new mirror definition in default settings.xml provided in the Maven distribution:

      <settings>
        <mirrors>
          <mirror>
            <id>maven-default-http-blocker</id>
            <mirrorOf>external:http:*</mirrorOf>
            <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
            <url>http://0.0.0.0/</url>
            <blocked>true</blocked>
          </mirror>
        </mirrors>
      </settings>

      Attachments

        Issue Links

          Activity

            People

              hboutemy Herve Boutemy
              hboutemy Herve Boutemy
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: