Some weeks ago there was quite a fuss about the security implications of Maven downloading all those binary jars over HTTP rather than over HTTPS. That was fixed and now all mirrors support HTTPS and this latest Maven version uses secure connections by default.
I'm usually careful in upgrading Maven, but I've been using this version for a while now and it worked fine - including during release processes - and also it's the version used by CI since some weeks on some jobs (didn't update them all - CI can test with various different versions). I think we should make this version (at least) a requirement for builds. WDYT? Sanne _______________________________________________ hibernate-dev mailing list hibernate-dev@lists.jboss.org https://lists.jboss.org/mailman/listinfo/hibernate-dev
