Phil Hagelberg
2014-08-05 23:53:52 UTC
Hello everyone.
I'm happy to announce the release of Leiningen 2.4.3. This release
includes a number of small fixes and one big fix: access to the Central
repository now occurs over HTTPS since Sonatype opened up public SSL
access to Central yesterday[1]. Please upgrade your copy of Leiningen to
get this important security fix. If for some reason you are unable to
upgrade, you can put this code in your user profile[2] to get SSL access
From older versions of Leiningen:
:mirrors {"central" {:name "securedcentral"
:url "https://repo1.maven.org/maven2"}}
Note that this only works under Leiningen 2.x; users of Leiningen 1.x
should upgrade to get secure access.
Here's a full list of user-visible changes:
* Allow implicit hooks/middleware to be disabled. (Phil Hagelberg)
* Print compilation errors as they occur. (Paul Legato)
* Switch Central repository to using HTTPS. (Manfred Moser)
* Add `LEIN_NO_USER_PROFILES` to avoid loading user profile. (Hugo Duncan)
* Fix deploy task to work with signature files. (Phil Hagelberg)
* Allow vcs tags to be created with a prefix. (Yannick Scherer)
* Default to warning when version ranges are present. (Phil Hagelberg)
* Let templates be loaded from `:plugin-repositories`. (Jason Felice)
As usual, `lein upgrade` will pull in the latest version, and `lein
downgrade 2.4.2` will go back to the previous version if something in
the new version is broken for you.
Thanks to everyone who helped make this release happen.
-Phil
[1] - http://blog.sonatype.com/2014/08/https-support-launching-now
[2] - If you don't have a user profile yet, paste this into ~/.lein/profiles.clj:
{:user {:mirrors {"central" {:name "securedcentral"
:url "https://repo1.maven.org/maven2"}}}}
I'm happy to announce the release of Leiningen 2.4.3. This release
includes a number of small fixes and one big fix: access to the Central
repository now occurs over HTTPS since Sonatype opened up public SSL
access to Central yesterday[1]. Please upgrade your copy of Leiningen to
get this important security fix. If for some reason you are unable to
upgrade, you can put this code in your user profile[2] to get SSL access
From older versions of Leiningen:
:mirrors {"central" {:name "securedcentral"
:url "https://repo1.maven.org/maven2"}}
Note that this only works under Leiningen 2.x; users of Leiningen 1.x
should upgrade to get secure access.
Here's a full list of user-visible changes:
* Allow implicit hooks/middleware to be disabled. (Phil Hagelberg)
* Print compilation errors as they occur. (Paul Legato)
* Switch Central repository to using HTTPS. (Manfred Moser)
* Add `LEIN_NO_USER_PROFILES` to avoid loading user profile. (Hugo Duncan)
* Fix deploy task to work with signature files. (Phil Hagelberg)
* Allow vcs tags to be created with a prefix. (Yannick Scherer)
* Default to warning when version ranges are present. (Phil Hagelberg)
* Let templates be loaded from `:plugin-repositories`. (Jason Felice)
As usual, `lein upgrade` will pull in the latest version, and `lein
downgrade 2.4.2` will go back to the previous version if something in
the new version is broken for you.
Thanks to everyone who helped make this release happen.
-Phil
[1] - http://blog.sonatype.com/2014/08/https-support-launching-now
[2] - If you don't have a user profile yet, paste this into ~/.lein/profiles.clj:
{:user {:mirrors {"central" {:name "securedcentral"
:url "https://repo1.maven.org/maven2"}}}}