0

Relatively unfamiliar with Maven. Im trying to set up a shared project in my laptop.

I've heard there's apparently a security issue with the Maven Repo, so, in the pom.xml, I added this to the <repositories>

    <repository>
      <id>central</id>
      <name>Central Repository</name>
      <url>https://repo.maven.apache.org/maven2</url> 
      <layout>default</layout>
      <snapshots>
        <enabled>false</enabled> 
      </snapshots>
    </repository>

But, on top of still getting a 501 error, this is what Im seeing:

Failed to look for file: http://repo.maven.apache.org/maven2/http://repo.maven.apache.org/maven2/org/codehaus/mojo/gwt-maven-plugin/2.4.0/gwt-maven-plugin-2.4.0.pom.

Why is it appending to the URL instead of replacing it?

Failure to transfer org.codehaus.mojo:gwt-maven-plugin:pom:2.4.0 from http://repo.maven.apache.org/maven2 was cached in the local repository, resolution will not be reattempted until the update interval of central has elapsed or updates are forced. Original error: Could not transfer artifact org.codehaus.mojo:gwt-maven-plugin:pom:2.4.0 from/to central (http://repo.maven.apache.org/maven2): Failed to look for file: http://repo.maven.apache.org/maven2/http://repo.maven.apache.org/maven2/org/codehaus/mojo/gwt-maven-plugin/2.4.0/gwt-maven-plugin-2.4.0.pom.

And this is the follow-up message.

Erik
  • 219
  • 3
  • 16
  • 1
    You tagged your question with `eclipse-indigo`, which is more than a decade old. With up-to-date software you would not have such problems. – howlger Jan 05 '23 at 11:55
  • Central repository does not allow access via http only it needs to be https instead....See https://central.sonatype.org/faq/501-error/ – khmarbaise Jan 05 '23 at 20:11
  • @howlger As mentioned, this is a shared project, thus there's a requirement for now of using the minimum spec. Once everything is working well only can we consider upgrading the requirements. – Erik Jan 06 '23 at 02:12
  • @khmarbaise I know of that, hence the addition in the ```pom.xml``` as in the question. The thing is that link is still referring to the ```http```one; appending the ```https``` one to it as opposed to outright replacing. That I dont get why. – Erik Jan 06 '23 at 02:13
  • Use up-to-date tools and an up-to-date Java VM even for older projects that contain Java code of Java 7 and lower. Please do not waste your and our time by doing retrocomputing and take security more seriously. – howlger Jan 06 '23 at 08:29
  • Also upgrade to most recent version of maven (3.8.7) otherwise you won't get it running. – khmarbaise Jan 06 '23 at 09:34
  • First remove the supplemental configuration for repositories in your pom file because the output `http://repo.maven.apache.org/maven2/http://repo.mave..` looks messed up and use the most recent version of Maven ... it's using https by default to access central repository... Furthermore the setence in your question: `I've heard there's apparently a security issue with the Maven Repo,`. is simply wrong. There is no security issue with Maven repository. The issue is that people still try to access with *http* instead of *https*. – khmarbaise Jan 07 '23 at 20:04

0 Answers0