Skip to content

HTTP access to repo1.maven.org and repo.maven.apache.org is being deprecated

Beginning January 15, 2020, The Central Repository will no longer support communication over HTTP. http://repo1.maven.org and http://repo.maven.apache.org/ will no longer resolve, and users will need to update their builds to resolve dependencies over HTTPS.

Why is this happening?⚓︎

  • It's time to make this change. Maven Central has taken steps in the past to improve its security posture. In May 2018, we announced the end of support for TLSv1.1 and below. Almost a year later, deciding to deprecate support for unencrypted access to Maven Central is the logical continuation of this journey. We would like to credit Jonathan Leitschuh for pushing this initiative across the ecosystem. You can see his full writeup here

My environment does not support HTTPS, what can I do?⚓︎

  • We recognize that for some of our users, there may be major technical limitations that prohibit making the switch to HTTPS, e.g. build environments still running JDK6. For those users, we will provide a separate domain to accomodate insecure traffic. As we approach the cut over date, we'll provide the exact HTTP URL to replace all your existing references to http://repo1.maven.org or http://repo.maven.apache.org/.

You can check out our FAQ Page or follow @sonatype_ops on Twitter for a more detailed schedule of changes as we get closer to January 15, 2020.

Back to top