Uploaded image for project: 'KIE Cloud'
  1. KIE Cloud
  2. KIECLOUD-187

Maven repositories must made https calls instead http.

    XMLWordPrintable

Details

    • Enhancement
    • Resolution: Done
    • Major
    • 6.4.12.GA
    • 6.4.11.GA-1
    • RHDS, RHIPS
    • None

    Description

      Red Hat was recently made aware that in certain Java repositories, we pull and build dependencies over HTTP instead of HTTPS. We recognize that using HTTP when HTTPS is available is less than desirable and are investigating the report. Importantly, using HTTP alone is not sufficient to effect an attack; an attacker needs to be in a position to perform a man-in-the-middle attack in the first place. The security of builds is important to Red Hat, so we will be taking steps to harden the process by changing calls to use HTTPS where possible.

      Used only by our 6.4 RHDS and RHIPS images:

      Attachments

        Issue Links

          clones

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) KIECLOUD-186 Maven repositories must made https calls instead http.

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is related to

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) CLOUD-3163 Maven repositories must made https calls instead http and update vulnerable dependencies.

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              rhn-support-zanini Ricardo Zanini Fernandes
              rhn-support-fspolti Filippe Spolti
              Jakub Schwan Jakub Schwan
              Jakub Schwan Jakub Schwan
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: