Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-7118

Block external HTTP repositories by default

    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.6.3
    • Fix Version/s: 3.8.1, 4.0.0, 4.0.0-alpha-1
    • Component/s: None
    • Labels:
      None

      Description

      Downloading code from external repositories in HTTP is not a best practice: let's block that by default

      Using the 2 previously added features (MNG-7116 mirrorOf external:http:* to select repositories, and MNG-7117 to block the mirror), it can be done by adding a new mirror definition in default settings.xml provided in the Maven distribution:

      <settings>
        <mirrors>
          <mirror>
            <id>maven-default-http-blocker</id>
            <mirrorOf>external:http:*</mirrorOf>
            <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
            <url>http://0.0.0.0/</url>
            <blocked>true</blocked>
          </mirror>
        </mirrors>
      </settings>

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                hboutemy Herve Boutemy
                Reporter:
                hboutemy Herve Boutemy
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: