
POM contains insecure external repositories

Open argv-minus-one opened this issue 6 years ago • 0 comments

The jaxb-parent 2.3.0 POM contains <repositories> and <pluginRepositories> with non-https URLs. That makes it unsafe to use JAXB from Maven Central, since downloads of artifacts from those third-party repositories may be intercepted and maliciously modified in-flight. (2.2.10 has only https URLs.)

Please do at least one of the following:

  1. Remove the <repositories> and <pluginRepositories> entirely.
  2. Change all of their URLs to https.
  3. Move them into a <profile> that isn't active by default.

Note that the requirements for publishing to Maven Central discourage the use of <repositories> and <pluginRepositories>. In the past, it was forbidden.

argv-minus-one avatar Aug 24 '17 22:08 argv-minus-one
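Added example, not code from the issue or the JAXB project: a small check that parses a POM and flags every `<repository>` or `<pluginRepository>` whose URL is not https, separating top-level entries (always in effect) from ones inside a `<profile>` (reported with that profile's `activeByDefault` value, so option 3 above can be verified). The POM below is constructed for the demo and is not the real jaxb-parent 2.3.0 POM.

```python
import xml.etree.ElementTree as ET

# Constructed sample POM (not the real jaxb-parent POM): one plain-http
# repository and one https repository at top level, an http plugin
# repository, and an http repository inside a profile not active by default.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <repositories>
    <repository><id>legacy</id><url>http://repo.example.test/maven2</url></repository>
    <repository><id>secure</id><url>https://repo.example.test/maven2</url></repository>
  </repositories>
  <pluginRepositories>
    <pluginRepository><id>plugins</id><url>http://plugins.example.test/m2</url></pluginRepository>
  </pluginRepositories>
  <profiles>
    <profile>
      <id>opt-in</id>
      <activation><activeByDefault>false</activeByDefault></activation>
      <repositories>
        <repository><id>opt</id><url>http://opt.example.test/m2</url></repository>
      </repositories>
    </profile>
  </profiles>
</project>
"""

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
REPO_PATHS = (("m:repositories/m:repository", "repository"),
              ("m:pluginRepositories/m:pluginRepository", "pluginRepository"))

def _insecure_in(scope, scope_name):
    """Return (scope, kind, id, url) for every non-https repository URL under scope."""
    hits = []
    for path, kind in REPO_PATHS:
        for repo in scope.findall(path, NS):
            url = repo.findtext("m:url", default="", namespaces=NS).strip()
            if not url.lower().startswith("https://"):
                rid = repo.findtext("m:id", default="?", namespaces=NS)
                hits.append((scope_name, kind, rid, url))
    return hits

def find_insecure_repositories(pom_xml):
    """Flag non-https repositories; profile hits carry the profile id and activeByDefault."""
    root = ET.fromstring(pom_xml)
    hits = _insecure_in(root, "top-level")
    for prof in root.findall("m:profiles/m:profile", NS):
        pid = prof.findtext("m:id", default="?", namespaces=NS)
        active = prof.findtext("m:activation/m:activeByDefault", default="false", namespaces=NS)
        hits.extend(_insecure_in(prof, f"profile:{pid}:activeByDefault={active.strip()}"))
    return hits
```

Top-level hits are the ones that make consumers of the artifact download over plain http; a profile hit with `activeByDefault=false` only applies when that profile is explicitly enabled.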