Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-7118

Block external HTTP repositories by default

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.6.3
    • 3.8.1, 4.0.0-alpha-2, 4.0.0
    • None
    • None

    Description

      Downloading code from external repositories in HTTP is not a best practice: let's block that by default

      Using the 2 previously added features (MNG-7116 mirrorOf external:http:* to select repositories, and MNG-7117 to block the mirror), it can be done by adding a new mirror definition in default settings.xml provided in the Maven distribution:

      <settings>
  <mirrors>
    <mirror>
      <id>maven-default-http-blocker</id>
      <mirrorOf>external:http:*</mirrorOf>
      <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
      <url>http://0.0.0.0/</url>
      <blocked>true</blocked>
    </mirror>
  </mirrors>
</settings>

      Attachments

        Issue Links

        causes

        Bug - A problem which impairs or prevents the functions of the product. MNGSITE-450 Incorrect doc for using internal repo

        • Minor - Minor loss of function, or other problem where easy workaround is present.
        • Open
        depends upon

        New Feature - A new feature of the product, which has yet to be developed. MNG-7116 Add support for mirror selector on external:http:*

        • Major - Major loss of function.
        • Closed

        New Feature - A new feature of the product, which has yet to be developed. MNG-7117 Add support for blocking mirrors

        • Major - Major loss of function.
        • Closed

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            hboutemy Herve Boutemy
            hboutemy Herve Boutemy
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment