Some weeks ago there was quite a fuss about the security implications
of Maven downloading all those binary jars over HTTP rather than over
HTTPS.
That was fixed and now all mirrors support HTTPS and this latest Maven
version uses secure connections by default.
I'm usually careful in upgrading Maven, but I've been using this
version for a while now and it worked fine - including during release
processes - and also it's the version used by CI since some weeks on
some jobs (didn't update them all - CI can test with various different
versions).
I think we should make this version (at least) a requirement for builds. WDYT?
Sanne