Skip to main content

Apache Maven Security Issue: CVE-2013-0253

By Anonymous
A security issue against Apache Maven 3.04 has been identified when running in conjunction with Apache Maven Wagon releases 2.1, 2.2 and 2.3
Apache Maven 3.0.4 (with Apache Maven Wagon 2.1) has introduced a non-secure SSL mode by default. This mode disables all SSL certificate checking, including: host name verification , date validity,  and certificate chain. Not validating the certificate introduces the possibility of a man-in-the-middle attack.

All users are recommended to upgrade to Apache Maven 3.0.5 and Apache Maven Wagon 2.4.
Labels:

Comments

  1. Apache Maven 3.0.5 Available | Develop In Java28 February 2013 at 11:54

    [...] on from the earlier security threat levelled against Apache Maven 3.0.4, Maven version 3.0.5 has been [...]

    ReplyDelete

Post a Comment

Popular posts from this blog

Creating a Joke Application in React

By
Introduction I've recently started learning React. I've been a backend developer for a long time, but have started to love doing client side work. As they say, the best way to learn is to practise. So here is a simple joke application that I've written in React. The source code for the application can be found on GitHub at: https://github.com/doobrie/react-joke Creating the project Whilst practising, I've quite often created projects from scratch, but this is quite tedious as the same steps need to be taken for each project. I needed to create the project structure, configure Babel, write some control scripts etc. Instead of doing that this time, I've used the create-react-app tool to scaffold the basics of an application. npx create-react-app This sets up everything that you need to get started with a React app. Coding As this is a simple project, I've created one react component, function app() . I've created this as a functional c...
Post a Comment
Read more

Changing Default Search Provider in Firefox on Linux Mint

By
On Linux Mint, the default version of Firefox is installed and configured to allow the following search engines to be queried directly from the address bar: Yahoo! Startpage DuckDuckGo Wikipedia Mint defines these as the default available set of search engines based upon 3 criteria (funding to Linux Mint, privacy support and whether the search engine is non-commercial). Other search engines such as Google, Bing or Twitter, etc. can easily be added into the default version of Firefox however. To add a different search provider, browse to Search Engines At the bottom of the page, click on the icon of the requested search engine, then click on the ... button in the URL bar and select the Add Search Engine option. You then have the option to change the default search engine within Firefox preferences to your new choice.
Post a Comment
Read more

The new Eclipse logo

By Anonymous
In a blog post today, Ian Skerrett has announced the new logo for Eclipse. Last fall we [The Eclipse Foundation] started a process to  update the Eclipse logo . The existing logo had not been change since Eclipse was launched and it was showing its age. I am happy to announce we have finished the process and am pleased to introduce the updated Eclipse logo. The new logo has a fresh modern look to it, which I think is a good improvement and will stand Eclipse in good stead for the future. The new logo will be included with the next Eclipse release train, Luna, and gradually rolled out across the Eclipse site and projects. What do you think?  Do you like the new logo?  Add your comments below.
Post a Comment
Read more