More and more repositories use HTTPS nowadays, but this hasn’t always been the case. This means that Maven Central contains POMs with custom repositories that refer to a URL over HTTP. This makes downloads via such repository a target for a MITM attack. At the same time, developers are probably not aware that for some downloads an insecure URL is being used. Because uploaded POMs to Maven Central are immutable, a change for Maven was required. To solve this, we extended the mirror configuration with parameter, and we added a new external:http: mirror selector (like existing external:), meaning “any external URL using HTTP”. The decision was made to block such external HTTP repositories by default: this is done by providing a mirror in the conf/settings.xml blocking insecure HTTP external URLs.
This changes the Jenkins repo from http to https.
Checklist
Testing
(Remove this checklist and replace it with "N/A - no code changes" if this PR does not modify source code)
[x] I have manually verified that my code changes do the right thing.
[x] I have run the tests and verified that my changes do not introduce any regressions.
[ ] I have written unit tests to verify that my code changes do the right thing and to protect my code against regressions
Documentation
(Remove this checklist and replace it with "N/A - no code changes" if this PR does not modify source code)
[x] I have updated the "Unreleased" section of CHANGELOG.md with a brief description of my changes.
[ ] I have updated code comments - both GroovyDoc/JavaDoc-style comments and inline comments - where appropriate.
[x] I have read CONTRIBUTING.md and have followed its guidance.
Summary
Maven now disables http repos by default. See more information in this StackOverflow question:
This changes the Jenkins repo from http to https.