Forge send unencrypted request to files.minecraftforge.net

[Bixilon]

My Client (1.12.2 14.23.5.2847) sends an unencrypted request to: http://files.minecraftforge.net/maven/net/minecraftforge/forge/promotions_slim.json

Please: Use https!

[diesieben07]

The request is encrypted in modern versions of Forge.
Even if, this request does not contain any sensitive data of any kind.

[Bixilon]

The problem is not, that sensitive data is getting sent. It's a general problem.

I updated forge to .2854, but it is not encrypted. Do you mean new Minecraft versions? If so, why not in 1.12.2?

[diesieben07]

1.12.2 is now 2 1/2 years old and no longer receiving updates.

[simon816]

Even if, this request does not contain any sensitive data of any kind.

Depending on whether there's any signature / hash verification, a malicious actor on a network may be able to intercept the request to ultimately serve malware, with HTTPS you at least get certificate verification.

[LexManos]

We know what MITM attacks are. However your fearmongering has no effect here. Worse case scenario they serve bad data and cause an error in out update check.

This, among many reasons is why we never download executable code in Forge. All this check does is display a message if you're out of date.

Which, you are, as you're using 1.12, so.if you gave a crap about security you'd update... So... nobody cares.