Download Maven artifacts and jar files over HTTPS

2 points by jkot ↗ HN
Just a small tip. By default maven downloads jar files over insecure http. That makes it easy to inject executable code and other nasty stuff. There is simple workaround to use HTTPS. Put this into ~/.m2/settings.xml:

  <settings>
  <mirrors>
    <mirror>
      <id>central22</id>
      <name>central22</name>
      <url>https://repo1.maven.org/maven2</url>
      <mirrorOf>central</mirrorOf>
    </mirror>
  </mirrors>
  </settings>

0 comments

[ 2.0 ms ] story [ 11.0 ms ] thread

No comments yet.