Over the past many months, we have been incrementally working toward support for HTTPS (i.e., secure) web traffic for ImageJ’s web-based resources. At the recent hackathon at MPI-CBG, we largely completed these efforts. Some of the domains which now fully support HTTPS include:
- https://imagej.net/
- https://downloads.imagej.net/
- https://javadoc.imagej.net/
- https://jenkins.imagej.net/
- https://maven.imagej.net/
- https://mirror.imagej.net/
- https://search.imagej.net/
- https://sites.imagej.net/
- https://status.imagej.net/
- https://update.imagej.net/
- https://wsr.imagej.net/
- https://fiji.sc/
- https://samples.fiji.sc/
- https://update.fiji.sc/
More work is still needed to make the ImageJ Updater always prefer talking to update sites via HTTPS rather than HTTP; see the relevant forum thread for further details.
This work will make ImageJ and Fiji more secure, preventing potential man-in-the-middle attacks and arbitrary code injection.