influxdb-java.git/pom.xml references no longer maintained com.dkanejs.maven.plugins #999
Description
Recent security research discussed problems in the maven ecosystem where the DNS of a no longer maintained project expires and is taken over. mathieucarbou/license-maven-plugin#715 discussed some specifics around maven central which make this less of a problem since they use a formal process for transfers, which influxdb-java seems to be using.
All said, I'm filing this less as a security problem and more for awareness that a component is being used that is no longer maintained.
$ whois dkanejs.com # shows it is expired
No match for domain "DKANEJS.COM".
>>> Last update of whois database: 2024-02-16T15:50:52Z <<<
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
...
$ grep -r com.dkanejs ./influxdb-java.git
./pom.xml: <groupId>com.dkanejs.maven.plugins</groupId>