Maven 3.9.1+ blocks http during deployment
Symptoms
When deploying with Myst the 'download-deploy-artifacts' Myst action returns a maven-default-http-blocker error.
Cause
Version 3.8.1 of Maven blocks unsecure http by default. https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291
If a WebLogic patch such as the one below was applied then Maven has been updated. 34298772 -WLS PATCH SET UPDATE 12.2.1.3.220620
Solution
The same Maven link above also contains a solution https://maven.apache.org/docs/3.8.1/release-notes.html#how-to-fix-when-i-get-a-http-repository-blocked
Update the endpoint that is being blocked to HTTPS
Define a mirror by updating your
~/.m2/settings.xmlor Myst Continuous Delivery Profile.If you don't use the Continuous Delivery Profile then update
~/.m2/settings.xmlon each of the AdminServer hosts
*NOTE:
Take caution when changing the Myst Continuous Delivery Profile. You will need to know what the original contents were as Myst hides it contains passwords.*
Backup the Myst database
You can also find the
settings.xmlwhen running a Myst action and SSH'ing to the AdminServer under the default Myst workspace location (``/tmp/mystWorkspace/RANDOM_ID`/resources/maven/settings.xml)
Workaround
If neither of the above solutions work for you then there's a way to override the maven-default-http-blocker to block an unused/dummy protocol.
Keep in mind the <blocked>true</blocked> doesn't seem to do anything even when set to false.
Last updated
