I'm migrating our internal tooling from 4.21 to 4.25 platform, and see a lot of "unsafe http" warnings on startup at the time Oomph/update managers are checking for updates.
So log has few warnings like:
Using unsafe http transport to retrieve http://our_local_server_in_intranet/, see CVE-2021-41033. Consider using https instead.

I'm OK with reporting that in general, but either there should be a white list or a possibility to mute the warning.
We have few local update sites, and some are maintained by teams that simply run some http server with no https/ssl support, others have https but certificates are self signed and expired, etc.

So ideally one should be able to add some known intranet sites, or just mute the warning.