[hibernate-dev] Security: Requiring Maven version 3.2.3 in our (maven based) builds
Sanne Grinovero
sanne at hibernate.org
Fri Dec 12 09:02:11 EST 2014
Some weeks ago there was quite a fuss about the security implications
of Maven downloading all those binary jars over HTTP rather than over
HTTPS.
That was fixed and now all mirrors support HTTPS and this latest Maven
version uses secure connections by default.
I'm usually careful in upgrading Maven, but I've been using this
version for a while now and it worked fine - including during release
processes - and also it's the version used by CI since some weeks on
some jobs (didn't update them all - CI can test with various different
versions).
I think we should make this version (at least) a requirement for builds. WDYT?
Sanne
More information about the hibernate-dev
mailing list