'How to configure Apache Maven settings.xml to prevent downloading specific dependecies\plugin

I want to configure settings.xml to prevent downloading vulnerable versions of log4j. I see that maven can banned specific dependencies defined in pom.xml, but can it also be done in settings.xml?

maven


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Maven doesn't execute any unit test

maven toolchain in profile

maven : deploy artifact file name

What does M1 mean in a maven repository?

Could not read standard output of command 'cmd'

Getting "Skipping JaCoCo execution due to missing execution data file" upon executing JaCoCo

maven-javadoc-plugin sourceFileExcludes not working

SonarQube 3.7 with maven and Jenkins - Maven session does not declare a top level project

Is it at all possible to execute 'mvn test' when tests are in src/main/java and not in src/test/java [duplicate]

mvn command is not recognized as an internal or external command

How to quickly detect and remove log4j classes from our code base and the base image? "mvn dependency:tree" does not check base image

Maven toolchain not getting triggered in build

Is there any way of having maven scp wagon work consistently on linux/mac/windows platform?

How can we set up Maven project in GoCD?

Using junit @Rule, expectCause() and hamcrest matchers