What This Error Means
Maven 3.8.1 and newer refuse insecure HTTP repository URLs and route them through the built-in maven-default-http-blocker mirror.
How to Fix It
Change repository URLs from http:// to https:// wherever they are configured (POM files, parent POM files, and ~/.m2/settings.xml).
If you use an internal repository manager, enable HTTPS and update your mirror URL to the HTTPS endpoint.
If the URL comes from a parent POM you do not control, override repository configuration in a controlled parent or use a company-standard settings.xml mirror that points to an HTTPS repository manager.
A minimal mirror entry looks like <mirror><id>company-proxy</id><mirrorOf>*</mirrorOf><url>https://repo.example.com/repository/maven-public/</url></mirror>.
Retry the build after removing all HTTP repository URLs.
Why It Happens
Your project or a parent POM declares a repository using http://.
Your settings.xml mirror points at an HTTP endpoint.
Maven 3.8.1 and newer block those repositories by default to reduce MITM risk.
How to Verify
Re-run mvn -DskipTests package and confirm the maven-default-http-blocker message is gone.
Confirm Maven is downloading from https://... repository URLs in the output (use mvn -X if needed).
Manual repository URL checks
Find where the HTTP URL comes from by searching for http:// in your project POM files, parent POM files, and ~/.m2/settings.xml.
Print effective settings to see mirrors and profiles that may be injecting repository URLs:mvn -q help:effective-settings
Run with debug to see which repository URL Maven is trying to reach:mvn -X -DskipTests package
Examples
[ERROR] Blocked mirror for repositories: [central (http://repo.maven.apache.org/maven2/, default, releases)]
[ERROR] Failed to transfer artifact org.example:lib:pom:1.2.3 from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [central (http://repo.maven.apache.org/maven2/, default, releases)]
<mirror><id>company-proxy</id><mirrorOf>*</mirrorOf><url>https://repo.example.com/repository/maven-public/</url></mirror>Why Maven blocks HTTP repositories
Maven downloads dependencies and metadata from repositories configured in your POM files and settings.xml.
Starting in Maven 3.8.1, external HTTP repositories are blocked by default because they are insecure.
The maven-default-http-blocker entry is the built-in mirror Maven uses to stop accidental HTTP access.
Prevention Tips
Standardize on a single HTTPS mirror or repository manager endpoint for all environments.
Avoid declaring extra repositories in individual projects unless absolutely necessary.
Treat HTTP artifact repositories as a security issue and migrate them to HTTPS.
Where This Can Be Triggered
github.com/apache/maven/blob/maven-3.9.11/its/core-it-suite/src/test/java/org/apache/maven/it/MavenITmng7128BlockExternalHttpReactorTest.java
Maven's integration tests assert the exact "Blocked mirror for repositories ..." output when an HTTP repository is blocked (MNG-7128). - GitHub
verifier.verifyTextInLog( "[ERROR] Failed to execute goal on project http-repository-in-pom: "
+ "Could not resolve dependencies for project org.apache.maven.its.mng7128:http-repository-in-pom:jar:1.0: "
+ "Failed to collect dependencies at junit:junit:jar:1.3: "
+ "Failed to read artifact descriptor for junit:junit:jar:1.3: "
+ "Could not transfer artifact junit:junit:pom:1.3 from/to maven-default-http-blocker (http://0.0.0.0/): "
+ "Blocked mirror for repositories: [insecure-http-repo (http://repo.maven.apache.org/, default, releases+snapshots)]" );