Use HTTPS to resolve dependencies in Maven Build (eclipse-ee4j#4391)

JLLeitschuh · senivam · web-flow · commit 38d081986b07 · 2020-02-17T23:29:48.000+01:00
* Use HTTPS instead of HTTP to resolve dependencies

This fixes a security vulnerability in this project where the `pom.xml`
files were configuring Maven to resolve dependencies over HTTP instead of
HTTPS.

Signed-off-by: Jonathan Leitschuh &lt;Jonathan.Leitschuh@gmail.com&gt;

* Update pom.xml

Co-authored-by: Maxim Nesen &lt;24524084+senivam@users.noreply.github.com&gt;
diff --git a/media/moxy/pom.xml b/media/moxy/pom.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
 
-    Copyright (c) 2012, 2019 Oracle and/or its affiliates. All rights reserved.
+    Copyright (c) 2012, 2020 Oracle and/or its affiliates. All rights reserved.
 
     This program and the accompanying materials are made available under the
     terms of the Eclipse Public License v. 2.0, which is available at
@@ -130,7 +130,7 @@
         <repository>
             <id>eclipselink.repository</id>
             <name>Eclipse Maven Repository</name>
-            <url>http://download.eclipse.org/rt/eclipselink/maven.repo</url>
+            <url>https://download.eclipse.org/rt/eclipselink/maven.repo</url>
             <layout>default</layout>
         </repository>
     </repositories>
diff --git a/pom.xml b/pom.xml
@@ -1112,7 +1112,7 @@
                 <repository>
                     <id>eclipselink.repository</id>
                     <name>Eclipse Maven Repository</name>
-                    <url>http://www.eclipse.org/downloads/download.php?r=1&amp;nf=1&amp;file=/rt/eclipselink/maven.repo</url>
+                    <url>https://www.eclipse.org/downloads/download.php?r=1&amp;nf=1&amp;file=/rt/eclipselink/maven.repo</url>
                     <layout>default</layout>
                 </repository>
             </repositories>
