Status: Closed (View Workflow)
Resolution: Won't Do
Affects Version/s: None
Fix Version/s: None
Starting with maven 3.8.1, http-based maven repositories are unsupported.
This maven MitM attack has been well known since 2019:
https://github.com/github/securitylab/issues/21 "Java (Maven): Use of insecure protocol to download/upload artifacts"
The mod-inventory build in the rancher pipeline fails for this reason.
This is caused by org.z3950.zing:cql-java dependency with http repository declaration:
domain-models-runtime should release a v32 version with fixed maven.indexdata.com repository declaration.
mod-source-record-storage-client should release a version with the fixed domain-models-runtime v32 version.
mod-inventory should update to that fixed mod-source-record-storage-client version.