Repository definitions using HTTP instead of HTTPS #766

Closed
alejandro-du opened this issue Jul 29, 2019 · 6 comments

@alejandro-du

Recently, it was discovered that many Java libraries are downloading dependencies over non-secured HTTP connections. This means that developers using these libraries are vulnerable to man-in-the-middle attacks. The attack is so easy to perform that there's even an example on GitHub that shows how to do it. Vaadin is affected by this.

To solve the problem, we need to replace any repository definition that uses http with https in all of our maintained dependencies. The problem is not solved by merely fixing, for example, the vaadin-core or vaadin dependencies only since the repository definitions are transitive with Maven. Moreover, we should check third-party libraries used by Vaadin that may contain http repository definitions and take appropriate action.

Due to the severity of the issue, the Spring team launched the nohttp project with tools that help ensure https is used. Moreover, they have taken action not to include anything in their builds that uses http and misses that transitive "feature" of Maven.

alejandro-du pushed a commit to alejandro-du/cdi that referenced this issue Jul 29, 2019
alejandro-du added a commit to alejandro-du/vaadin-grid-pro-flow that referenced this issue Jul 29, 2019
alejandro-du added a commit to alejandro-du/vaadin-confirm-dialog-flow that referenced this issue Jul 29, 2019
alejandro-du pushed a commit to alejandro-du/vaadin-confirm-dialog-flow that referenced this issue Jul 29, 2019
alejandro-du pushed a commit to alejandro-du/vaadin-confirm-dialog-flow that referenced this issue Jul 29, 2019
alejandro-du pushed a commit to alejandro-du/charts that referenced this issue Jul 29, 2019
alejandro-du pushed a commit to alejandro-du/vaadin-cookie-consent-flow that referenced this issue Jul 29, 2019
alejandro-du pushed a commit to alejandro-du/vaadin-rich-text-editor-flow that referenced this issue Jul 29, 2019
alejandro-du pushed a commit to alejandro-du/vaadin-accordion-flow that referenced this issue Jul 29, 2019
alejandro-du added a commit to alejandro-du/vaadin-components-testbench that referenced this issue Jul 29, 2019
alejandro-du added a commit to alejandro-du/vaadin-confirm-dialog-flow that referenced this issue Jul 29, 2019
alejandro-du pushed a commit to alejandro-du/vaadin-app-layout-flow that referenced this issue Jul 29, 2019
alejandro-du pushed a commit to alejandro-du/vaadin-custom-field-flow that referenced this issue Jul 29, 2019
alejandro-du pushed a commit to alejandro-du/vaadin-grid-pro-flow that referenced this issue Jul 29, 2019
alejandro-du pushed a commit to alejandro-du/vaadin-rich-text-editor-flow that referenced this issue Jul 29, 2019
alejandro-du pushed a commit to alejandro-du/vaadin-cookie-consent-flow that referenced this issue Jul 29, 2019
@ZheSun88
Contributor

Can you list them here? I can help with that.

I have seen the PR for vaadin 8, are there some other things missing?

ZheSun88 pushed a commit to vaadin/flow-demo that referenced this issue Aug 22, 2019
* Use https for Maven repositories

Related to vaadin/platform#766
ZheSun88 pushed a commit to vaadin/framework8-demo that referenced this issue Aug 22, 2019
ZheSun88 added a commit to vaadin/tutorial that referenced this issue Aug 22, 2019
replace the usage in profiles
See vaadin/platform#766
ZheSun88 added a commit to vaadin/ui-examples that referenced this issue Aug 22, 2019
tomivirkki pushed a commit to vaadin/ui-examples that referenced this issue Aug 22, 2019
@ZheSun88
Contributor

I have made some more fixes related to this issue.

Skipped a few repositories which are archived/haven't had any updates in 2019.
This ticket can be closed after all the open PRs get merged.

@juhopiirainen
Contributor

Everything done, thanks everyone!

manolo pushed a commit to vaadin/flow-components that referenced this issue Oct 3, 2020
manolo pushed a commit to vaadin/flow-components that referenced this issue Oct 3, 2020
vaadin/vaadin-rich-text-editor#64

Related to vaadin/platform#766

Flow-component: vaadin-rich-text-editor
manolo pushed a commit to vaadin/flow-components that referenced this issue Oct 3, 2020
vaadin/vaadin-charts#296

Related to vaadin/platform#766

Flow-component: vaadin-charts
manolo pushed a commit to vaadin/flow-components that referenced this issue Oct 3, 2020
manolo pushed a commit to vaadin/flow-components that referenced this issue Oct 3, 2020
manolo pushed a commit to vaadin/flow-components that referenced this issue Oct 3, 2020
vaadin/vaadin-rich-text-editor#64

Related to vaadin/platform#766

Flow-component: vaadin-rich-text-editor
manolo pushed a commit to vaadin/flow-components that referenced this issue Oct 3, 2020
vaadin/vaadin-charts#296

Related to vaadin/platform#766

Flow-component: vaadin-charts
manolo pushed a commit to vaadin/flow-components that referenced this issue Oct 3, 2020
manolo pushed a commit to vaadin/flow-components that referenced this issue Oct 5, 2020
manolo pushed a commit to vaadin/flow-components that referenced this issue Oct 5, 2020
manolo pushed a commit to vaadin/flow-components that referenced this issue Oct 5, 2020
manolo pushed a commit to vaadin/flow-components that referenced this issue Oct 5, 2020
manolo pushed a commit to vaadin/flow-components that referenced this issue Oct 6, 2020
manolo pushed a commit to vaadin/flow-components that referenced this issue Oct 6, 2020
manolo pushed a commit to vaadin/flow-components that referenced this issue Oct 6, 2020
manolo pushed a commit to vaadin/flow-components that referenced this issue Oct 6, 2020
manolo pushed a commit to vaadin/flow-components that referenced this issue Apr 27, 2022
TatuLund added a commit to vaadin/parking-demo that referenced this issue May 18, 2022
* Use https for Maven repositories (#2)

Related to vaadin/platform#766

* Update for the latest Vaadin 7 and Touchkit 4

* Fix maps MapBox -> OpenStreetMap

* Set productionMode=true

Co-authored-by: Guille <alvarezguille@users.noreply.github.com>