Why Maven Blocked the Repository URL
Maven 3.8.1 and newer refuse insecure HTTP repository URLs and route them through the built-in maven-default-http-blocker mirror.
This is not a flaky network error. Maven is intentionally refusing to use an HTTP repository URL because newer versions treat that as an unsafe repository configuration.
Replace HTTP repositories with HTTPS
Treat this as a configuration cleanup task, not a retry problem. Until every relevant repository URL is on HTTPS, Maven will keep blocking the request by design.
Change repository URLs from http:// to https:// wherever they are configured (POM files, parent POM files, and ~/.m2/settings.xml).
If you use an internal repository manager, enable HTTPS and update your mirror URL to the HTTPS endpoint.
If the URL comes from a parent POM you do not control, override repository configuration in a controlled parent or use a company-standard settings.xml mirror that points to an HTTPS repository manager.
A minimal mirror entry looks like <mirror><id>company-proxy</id><mirrorOf>*</mirrorOf><url>https://repo.example.com/repository/maven-public/</url></mirror>.
Retry the build after removing all HTTP repository URLs.
Why HTTP Repositories Are Rejected
Usually this comes down to your project or a parent POM declares a repository using http://, your settings.xml mirror points at an HTTP endpoint, or maven 3.8.1 and newer block those repositories by default to reduce MITM risk.
Prove Maven Is Using HTTPS Now
Re-run mvn -DskipTests package and confirm the maven-default-http-blocker message is gone, and confirm Maven is downloading from https://... repository URLs in the output (use mvn -X if needed).
Find the HTTP repository Maven is still using
Find where the HTTP URL comes from by searching for http:// in your project POM files, parent POM files, and ~/.m2/settings.xml, print effective settings to see mirrors and profiles that may be injecting repository URLs with mvn -q help:effective-settings, and run with debug to see which repository URL Maven is trying to reach with mvn -X -DskipTests package.
Examples
[ERROR] Blocked mirror for repositories: [central (http://repo.maven.apache.org/maven2/, default, releases)]
[ERROR] Failed to transfer artifact org.example:lib:pom:1.2.3 from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [central (http://repo.maven.apache.org/maven2/, default, releases)]
<mirror><id>company-proxy</id><mirrorOf>*</mirrorOf><url>https://repo.example.com/repository/maven-public/</url></mirror>Why newer Maven blocks HTTP repositories
Maven downloads dependencies and metadata from repositories configured in your POM files and settings.xml. Starting in Maven 3.8.1, external HTTP repositories are blocked by default because they are insecure. The maven-default-http-blocker entry is the built-in mirror Maven uses to stop accidental HTTP access.
Prevent It From Coming Back
To prevent this, standardize on a single HTTPS mirror or repository manager endpoint for all environments, avoid declaring extra repositories in individual projects unless absolutely necessary, and treat HTTP artifact repositories as a security issue and migrate them to HTTPS.
Docs and source code
github.com/apache/maven/blob/maven-3.9.11/its/core-it-suite/src/test/java/org/apache/maven/it/MavenITmng7128BlockExternalHttpReactorTest.java
Maven's integration tests assert the exact "Blocked mirror for repositories ..." output when an HTTP repository is blocked (MNG-7128). - GitHub
verifier.verifyTextInLog( "[ERROR] Failed to execute goal on project http-repository-in-pom: "
+ "Could not resolve dependencies for project org.apache.maven.its.mng7128:http-repository-in-pom:jar:1.0: "
+ "Failed to collect dependencies at junit:junit:jar:1.3: "
+ "Failed to read artifact descriptor for junit:junit:jar:1.3: "
+ "Could not transfer artifact junit:junit:pom:1.3 from/to maven-default-http-blocker (http://0.0.0.0/): "
+ "Blocked mirror for repositories: [insecure-http-repo (http://repo.maven.apache.org/, default, releases+snapshots)]" );