vuln-fix: Use HTTPS instead of HTTP to resolve dependencies

This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <[email protected]> Signed-off-by: Jonathan Leitschuh <[email protected]> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <[email protected]>
JLLeitschuh · Jul 21, 2022 · a9aa644 · a9aa644
1 parent e88c3c2
commit a9aa644
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/build.gradle b/build.gradle
@@ -3,7 +3,7 @@ buildscript {
         jcenter()
         mavenLocal()
         maven {
-            url 'http://repo.jenkins-ci.org/releases/'
+            url 'https://repo.jenkins-ci.org/releases/'
         }
         maven {
             url 'https://plugins.gradle.org/m2/'
@@ -132,4 +132,4 @@ pluginBundle {
 
 test {
     ignoreFailures = true
-}
+}