Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
vuln-fix: Use HTTPS instead of HTTP to resolve dependencies
This fixes a security vulnerability in this project where the `build.gradle` files were configuring Gradle to resolve dependencies over HTTP instead of HTTPS. Weakness: CWE-829: Inclusion of Functionality from Untrusted Control Sphere Severity: High CVSSS: 8.1 Detection: OpenRewrite Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> Bug-tracker: JLLeitschuh/security-research#9 Co-authored-by: Moderne <team@moderne.io>
- Loading branch information