Issue
In my past project I had a problem with dependencies starting with http, just like this one Maven Build Failure -- DependencyResolutionException . Solution was to add mirrors for the project worked fine. Though now on another project I use the same dependencies, have the same setup and I am still getting the error. Any thoughts?
Solution
Maven now disables all insecure http://* mirrors by default. Here is explanation from maven mainteners: http://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291
More and more repositories use HTTPS nowadays, but this hasn’t always been the case. This means that Maven Central contains POMs with custom repositories that refer to a URL over HTTP. This makes downloads via such repository a target for a MITM attack. At the same time, developers are probably not aware that for some downloads an insecure URL is being used. Because uploaded POMs to Maven Central are immutable, a change for Maven was required. To solve this, we extended the mirror configuration with parameter, and we added a new external:http:* mirror selector (like existing external:*), meaning “any external URL using HTTP”. The decision was made to block such external HTTP repositories by default: this is done by providing a mirror in the conf/settings.xml blocking insecure HTTP external URLs.
The solution (not recommended for security reasons mentioned above) may be to remove <blocked>
section from mirror list in default Maven settings.xml file (/usr/share/maven/conf/settings.xml)
Answered By - Stanislav Kardashov
Answer Checked By - David Marino (JavaFixing Volunteer)