Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-7118

Block external HTTP repositories by default

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.6.3
    • 3.8.1, 4.0.0-alpha-2, 4.0.0
    • None
    • None

    Description

      Downloading code from external repositories in HTTP is not a best practice: let's block that by default

      Using the 2 previously added features (MNG-7116 mirrorOf external:http:* to select repositories, and MNG-7117 to block the mirror), it can be done by adding a new mirror definition in default settings.xml provided in the Maven distribution:

      <settings>
  <mirrors>
    <mirror>
      <id>maven-default-http-blocker</id>
      <mirrorOf>external:http:*</mirrorOf>
      <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
      <url>http://0.0.0.0/</url>
      <blocked>true</blocked>
    </mirror>
  </mirrors>
</settings>

      Attachments

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. MNGSITE-450 Incorrect doc for using internal repo

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open
          depends upon

          New Feature - A new feature of the product, which has yet to be developed. MNG-7116 Add support for mirror selector on external:http:*

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MNG-7117 Add support for blocking mirrors

          • Major - Major loss of function.
          • Closed

          Activity

            People

              hboutemy Herve Boutemy
              hboutemy Herve Boutemy
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: