You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Andrew Wang (JIRA)" <ji...@apache.org> on 2016/10/18 19:03:58 UTC
[jira] [Commented] (HADOOP-13732) Upgrade OWASP dependency-check
plugin version
[ https://issues.apache.org/jira/browse/HADOOP-13732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15586354#comment-15586354 ]
Andrew Wang commented on HADOOP-13732:
--------------------------------------
Hi Mike, if we need to use a more recent version of Maven, then we also need to update BUILDING.txt.
Could you comment on the availability of the required Maven version on a few common OSs? e.g. RHEL6, 7, Ubuntu 12/14/16.
> Upgrade OWASP dependency-check plugin version
> ---------------------------------------------
>
> Key: HADOOP-13732
> URL: https://issues.apache.org/jira/browse/HADOOP-13732
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Mike Yoder
> Assignee: Mike Yoder
> Priority: Minor
> Attachments: HADOOP-13732.001.patch
>
>
> For reasons I don't fully understand, the current version (1.3.6) of the OWASP dependency-check plugin produces an essentially empty report on trunk (3.0.0). After some research, it appears that this plugin has undergone significant work in the latest version, 1.4.3. Upgrading to this version produces the expected full report.
> The only gotcha is that a new-ish version of maven is required. I'm using 3.2.2; I know that 3.0.x fails with a strange error.
> This plugin was introduced in HADOOP-13198.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org