This is an automated email from the ASF dual-hosted git repository. xxyu pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/kylin.git
The following commit(s) were added to refs/heads/main by this push: new 429ac3081c vuln-fix: Use HTTPS instead of HTTP to resolve dependencies 429ac3081c is described below commit 429ac3081cb2d6e18849783f26b933f3472ac42c Author: Jonathan Leitschuh <jonathan.leitsc...@gmail.com> AuthorDate: Mon Oct 3 22:39:05 2022 +0000 vuln-fix: Use HTTPS instead of HTTP to resolve dependencies This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com> Signed-off-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com> Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/9 Co-authored-by: Moderne <t...@moderne.io> --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a7be37a0f7..ac02fb639f 100644 --- a/pom.xml +++ b/pom.xml @@ -1189,7 +1189,7 @@ </repository> <repository> <id>conjars</id> - <url>http://conjars.org/repo/</url> + <url>https://conjars.org/repo/</url> </repository> <repository>
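Review bot: The commit message says the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP, but the only change is to the `conjars` `<repository>` entry in pom.xml (hunk at `@@ -1189,7 +1189,7 @@`), which is a Maven file. The message should name Maven and pom.xml so the history matches what was fixed. The context lines show other `<repository>` blocks directly before and after this one whose `<url>` values are not visible in the hunk, so please confirm that none of them still uses `http://`. It is also worth checking that `https://conjars.org/repo/` presents a valid certificate before merging, because a failing TLS connection would break resolution of any artifact served only from that repository.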