Major Steps to Reproduce
build any zkmax/zkex webapp using maven 3.8.1 (in default settings)
Current Result
transitive dependencies for jasperreports fail to download (due to blocked insecure HTTP)
[ERROR] Failed to execute goal on project my-zkmax-project: Could not resolve dependencies for project zk.example:my-zkmax-project:war:1.0-SNAPSHOT: Failed to collect dependencies at org.zkoss.zk:zkmax:jar:9.5.1.2-Eval -> org.zkoss.zk:zkex:jar:9.5.1.2-Eval -> net.sf.jasperreports:jasperreports:jar:6.14.0 -> com.lowagie:itext:jar:2.1.7.js8: Failed to read artifact descriptor for com.lowagie:itext:jar:2.1.7.js8: Could not transfer artifact com.lowagie:itext:pom:2.1.7.js8 from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [ jaspersoft-third-party (http://jaspersoft.jfrog.io/jaspersoft/third-party-ce-artifacts/, default, releases+snapshots), jr-ce-releases (http://jaspersoft.jfrog.io/jaspersoft/jr-ce-releases, default, releases+snapshots) ] -> [Help 1]
Expected Result
use HTTPS to download dependencies
check for an updated version of jasperreports which already uses HTTPS
Debug Information
details mentioned here
https://maven.apache.org/docs/3.8.1/release-notes.html
Workaround
A) exclude jasperreports if not used in the application
<dependency> <groupId>org.zkoss.zk</groupId> <artifactId>zkmax</artifactId><!-- OR zkex --> <version>${zk.version}</version> <exclusions> <exclusion> <groupId>net.sf.jasperreports</groupId> <artifactId>jasperreports</artifactId> </exclusion> </exclusions> </dependency>
B) specify the HTTPS version of the 3rd party repository
<repository> <id>jasper-3rd-party</id> <name>jasper-3rd-party</name> <url>https://jaspersoft.jfrog.io/jaspersoft/third-party-ce-artifacts</url> </repository>