server and extension updates are insecurely downloaded over http

Description

It's 2017, all updates should be downloaded over SSL, downloading unsigned binaries over http is risky

as there are multiple host names being used, it might be easier to host everything
under a single domain name and using sub directories

http://cdn.lucee.org/
http://download.lucee.org/
http://beta.lucee.org/
http://extension.lucee.org/

Environment

None

Activity

Show:
Zac Spitzer
March 23, 2020, 9:47 AM

This was added to the latest snapshot (5.3.6.29-SNAPSHOT) last night by

https://github.com/lucee/Lucee/commit/6df1c94100f56ec0ad945b310abd6af7b940b489

One minor problem, the https provider url is being flagged as custom

Pothys - MitrahSoft
March 24, 2020, 10:41 AM
Edited

I've resolved the minor problem as above mentioned.

Pull Request: https://github.com/lucee/Lucee/pull/898

Zac Spitzer
March 24, 2020, 10:44 AM

there's a typo, cutsomVersion

Pothys - MitrahSoft
March 24, 2020, 10:57 AM

, Changed that typo mistake.

Michael Offner
April 20, 2020, 8:14 AM

Fixed

Assignee

Michael Offner

Reporter

Zac Spitzer

Priority

Critical

Labels

Fix versions

Sprint

None

Affects versions

Configure