Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
3.1.0
-
None
Description
Hi,
Sorry if I just cannot find it
but it seems the checksum is not checked of the `maven-wrapper.jar` downloaded here:
Checksum of the downloaded file should be checked before executing it to avoid a remote code execution attack on the developer machine.
Attachments
Issue Links
- is related to
-
MWRAPPER-79 Automatically add sha256 to maven-wrapper.properties
- Open
-
MWRAPPER-75 Allow for sha256 checksum verification of downloaded artifacts.
- Closed