You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@struts.apache.org by Apache Jenkins Server <je...@builds.apache.org> on 2023/06/01 06:06:35 UTC
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #185
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/185/display/redirect?page=changes>
Changes:
[git] WW-5301 Fix custom VelocityManager bean selection
[43964333+JCgH4164838Gh792C124B5] Update:
[Lukasz Lenart] WW-5310 Properly parses param value with equal sign
[43964333+JCgH4164838Gh792C124B5] Update:
------------------------------------------
[...truncated 1.19 MB...]
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 4 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java> uses or overrides a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: Recompile with -Xlint:deprecation for details.
[INFO]
[INFO] --- bundle:5.1.6:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 17 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/test-classes>
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Jun 01, 2023 6:06:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3a93b025
Jun 01, 2023 6:06:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@37f1104d
Jun 01, 2023 6:06:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@24fcf36f
Jun 01, 2023 6:06:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@20140db9
Jun 01, 2023 6:06:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@433defed
Jun 01, 2023 6:06:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@448c8166
Jun 01, 2023 6:06:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5f20155b
Jun 01, 2023 6:06:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@45a4b042
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@485a3466
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5be067de
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1255b1d1
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@47428937
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@aa22f1c
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6831d8fd
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@30457e14
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@150d80c4
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31611954
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@400d912a
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@511d5d04
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4bdc8b5d
Jun 01, 2023 6:06:31 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
Jun 01, 2023 6:06:31 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.419 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (46 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.2.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.553 s]
[INFO] Struts 2 ........................................... SUCCESS [ 54.156 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:01 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 3.612 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 3.858 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 7.689 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 6.226 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 6.676 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.795 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 12.293 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.444 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 10.305 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.510 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 9.350 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 5.559 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 7.833 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 8.426 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 9.932 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 3.811 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.061 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 8.635 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 6.950 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 6.632 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:14 min
[INFO] Finished at: 2023-06-01T06:06:34Z
[INFO] ------------------------------------------------------------------------
[WARNING]
[WARNING] Plugin validation issues were detected in 14 plugin(s)
[WARNING]
[WARNING] * org.apache.maven.plugins:maven-jar-plugin:3.2.0
[WARNING] * org.apache.maven.plugins:maven-compiler-plugin:3.8.1
[WARNING] * org.apache.maven.plugins:maven-enforcer-plugin:3.1.0
[WARNING] * org.apache.felix:maven-bundle-plugin:5.1.6
[WARNING] * com.cj.jshintmojo:jshint-maven-plugin:1.6.0
[WARNING] * org.apache.maven.plugins:maven-source-plugin:3.2.1
[WARNING] * org.apache.maven.plugins:maven-resources-plugin:3.1.0
[WARNING] * org.apache.maven.plugins:maven-site-plugin:3.9.0
[WARNING] * org.apache.maven.plugins:maven-site-plugin:3.7.1
[WARNING] * org.apache.maven.plugins:maven-remote-resources-plugin:1.6.0
[WARNING] * org.apache.maven.plugins:maven-enforcer-plugin:1.4.1
[WARNING] * org.owasp:dependency-check-maven:7.2.0
[WARNING] * org.apache.rat:apache-rat-plugin:0.15
[WARNING] * org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M7
[WARNING]
[WARNING] For more or less details, use 'maven.plugin.validation' property with one of the values (case insensitive): [BRIEF, DEFAULT, VERBOSE]
[WARNING]
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-dependency-check #205
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/205/display/redirect?page=changes>
Changes:
[Lukasz Lenart] WW-5401 Improves logging around wrapping request and detecting multipart request
[github] WW-5401 Fixes typo
[github] WW-5401 Uses same message approach
[git] WW-5364 Fix potential NPE in XmlDocConfigurationProvider
------------------------------------------
[...truncated 703.23 KB...]
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-spring-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-spring-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 9 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/com/opensymphony/xwork2/spring/SpringObjectFactory.java>: Some input files use or override a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/com/opensymphony/xwork2/spring/SpringObjectFactory.java>: Recompile with -Xlint:deprecation for details.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/org/apache/struts2/spring/ClassReloadingInstantiationStrategy.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/org/apache/struts2/spring/ClassReloadingInstantiationStrategy.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/org/apache/struts2/spring/ClassReloadingInstantiationStrategy.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-spring-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-spring-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-spring-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 17 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/test-classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java> uses or overrides a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java>: Recompile with -Xlint:deprecation for details.
[INFO]
[INFO] --- surefire:3.2.5:test (default-test) @ struts2-spring-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.spring.StrutsSpringObjectFactoryTest
06:46:38.859 [main] FATAL org.apache.struts2.spring.StrutsSpringObjectFactory - ********** FATAL ERROR STARTING UP STRUTS-SPRING INTEGRATION **********
Looks like the Spring listener was not configured for your web app!
Nothing will work until WebApplicationContextUtils returns a valid ApplicationContext.
You might need to add the following to web.xml:
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.770 s -- in org.apache.struts2.spring.StrutsSpringObjectFactoryTest
[INFO] Running com.test.SecurityMemberAccessProxyTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.619 s -- in com.test.SecurityMemberAccessProxyTest
[INFO] Running com.opensymphony.xwork2.ognl.SecurityMemberAccessProxyTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.472 s -- in com.opensymphony.xwork2.ognl.SecurityMemberAccessProxyTest
[INFO] Running com.opensymphony.xwork2.spring.SpringProxyUtilTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.602 s -- in com.opensymphony.xwork2.spring.SpringProxyUtilTest
[INFO] Running com.opensymphony.xwork2.spring.SpringObjectFactoryTest
Action class is: com.sun.proxy.$Proxy12
[INFO] Tests run: 23, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.400 s -- in com.opensymphony.xwork2.spring.SpringObjectFactoryTest
[INFO] Running com.opensymphony.xwork2.spring.ActionsFromSpringTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.094 s -- in com.opensymphony.xwork2.spring.ActionsFromSpringTest
[INFO] Running com.opensymphony.xwork2.spring.interceptor.ActionAutowiringInterceptorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.091 s -- in com.opensymphony.xwork2.spring.interceptor.ActionAutowiringInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 43, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-spring-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 34 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 33 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-spring-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/struts2-spring-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-spring-plugin >>>
[INFO]
[INFO] --- enforcer:3.4.1:enforce (enforce) @ struts2-spring-plugin ---
[INFO] Rule 0: org.apache.maven.enforcer.rules.dependency.DependencyConvergence passed
[INFO]
[INFO] --- enforcer:3.4.1:enforce (enforce-maven-version) @ struts2-spring-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-spring-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-spring-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/struts2-spring-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.12.1:attach-descriptor (attach-descriptor) @ struts2-spring-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-spring-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (48 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:plexus-utils_project:plexus-utils, regex=false, caseSensitive=false},}cve={CVE-2022-4244,CVE-2022-4245,CVE-2017-1000487,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus\/plexus\-container\-default@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:plexus-utils_project:plexus-utils, regex=false, caseSensitive=false},}cve={CVE-2022-4244,CVE-2022-4245,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2 Spring Plugin:
spring-web-5.3.31.jar (pkg:maven/org.springframework/spring-web@5.3.31, cpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:*, cpe:2.3:a:web_project:web:5.3.31:*:*:*:*:*:*:*) : CVE-2024-22243
See the dependency-check report for more details.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [04:51 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.758 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:03 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.748 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 4.153 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 7.488 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 5.275 s]
[INFO] Struts 2 Spring Plugin ............................. FAILURE [ 12.143 s]
[INFO] Struts 2 JUnit Plugin .............................. SKIPPED
[INFO] Struts 2 Velocity Plugin ........................... SKIPPED
[INFO] Struts 2 Configuration Browser Plugin .............. SKIPPED
[INFO] Struts 2 Convention Plugin ......................... SKIPPED
[INFO] Struts 2 DWR Plugin ................................ SKIPPED
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SKIPPED
[INFO] Struts 2 Jasper Reports Plugin ..................... SKIPPED
[INFO] Struts 2 Java Templates Plugin ..................... SKIPPED
[INFO] Struts 2 JFreeChart Plugin ......................... SKIPPED
[INFO] Struts 2 JSON Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SKIPPED
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SKIPPED
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 07:31 min
[INFO] Finished at: 2024-03-22T06:46:49Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-spring-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] spring-web-5.3.31.jar: CVE-2024-22243(8.1)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-spring-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-dependency-check #204
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/204/display/redirect?page=changes>
Changes:
[github] Bump maven-surefire-plugin.version from 3.0.0-M7 to 3.2.5
------------------------------------------
[...truncated 686.28 KB...]
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-spring-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-spring-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 9 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/com/opensymphony/xwork2/spring/SpringObjectFactory.java>: Some input files use or override a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/com/opensymphony/xwork2/spring/SpringObjectFactory.java>: Recompile with -Xlint:deprecation for details.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/org/apache/struts2/spring/ClassReloadingInstantiationStrategy.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/org/apache/struts2/spring/ClassReloadingInstantiationStrategy.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/org/apache/struts2/spring/ClassReloadingInstantiationStrategy.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-spring-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-spring-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-spring-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 17 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/test-classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java> uses or overrides a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java>: Recompile with -Xlint:deprecation for details.
[INFO]
[INFO] --- surefire:3.2.5:test (default-test) @ struts2-spring-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.spring.StrutsSpringObjectFactoryTest
06:47:01.265 [main] FATAL org.apache.struts2.spring.StrutsSpringObjectFactory - ********** FATAL ERROR STARTING UP STRUTS-SPRING INTEGRATION **********
Looks like the Spring listener was not configured for your web app!
Nothing will work until WebApplicationContextUtils returns a valid ApplicationContext.
You might need to add the following to web.xml:
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.785 s -- in org.apache.struts2.spring.StrutsSpringObjectFactoryTest
[INFO] Running com.opensymphony.xwork2.ognl.SecurityMemberAccessProxyTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.766 s -- in com.opensymphony.xwork2.ognl.SecurityMemberAccessProxyTest
[INFO] Running com.opensymphony.xwork2.spring.ActionsFromSpringTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.777 s -- in com.opensymphony.xwork2.spring.ActionsFromSpringTest
[INFO] Running com.opensymphony.xwork2.spring.SpringObjectFactoryTest
Action class is: com.sun.proxy.$Proxy12
[INFO] Tests run: 23, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.166 s -- in com.opensymphony.xwork2.spring.SpringObjectFactoryTest
[INFO] Running com.opensymphony.xwork2.spring.SpringProxyUtilTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.520 s -- in com.opensymphony.xwork2.spring.SpringProxyUtilTest
[INFO] Running com.opensymphony.xwork2.spring.interceptor.ActionAutowiringInterceptorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.070 s -- in com.opensymphony.xwork2.spring.interceptor.ActionAutowiringInterceptorTest
[INFO] Running com.test.SecurityMemberAccessProxyTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.250 s -- in com.test.SecurityMemberAccessProxyTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 43, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-spring-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 34 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 33 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-spring-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/struts2-spring-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-spring-plugin >>>
[INFO]
[INFO] --- enforcer:3.4.1:enforce (enforce) @ struts2-spring-plugin ---
[INFO] Rule 0: org.apache.maven.enforcer.rules.dependency.DependencyConvergence passed
[INFO]
[INFO] --- enforcer:3.4.1:enforce (enforce-maven-version) @ struts2-spring-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-spring-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-spring-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/struts2-spring-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.12.1:attach-descriptor (attach-descriptor) @ struts2-spring-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-spring-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (29 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (1 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:plexus-utils_project:plexus-utils, regex=false, caseSensitive=false},}cve={CVE-2022-4244,CVE-2022-4245,CVE-2017-1000487,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus\/plexus\-container\-default@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:plexus-utils_project:plexus-utils, regex=false, caseSensitive=false},}cve={CVE-2022-4244,CVE-2022-4245,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (4 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2 Spring Plugin:
spring-web-5.3.31.jar (pkg:maven/org.springframework/spring-web@5.3.31, cpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:*, cpe:2.3:a:web_project:web:5.3.31:*:*:*:*:*:*:*) : CVE-2024-22243
See the dependency-check report for more details.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [04:47 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 3.379 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:24 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 3.032 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 4.534 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 8.507 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 6.252 s]
[INFO] Struts 2 Spring Plugin ............................. FAILURE [ 13.080 s]
[INFO] Struts 2 JUnit Plugin .............................. SKIPPED
[INFO] Struts 2 Velocity Plugin ........................... SKIPPED
[INFO] Struts 2 Configuration Browser Plugin .............. SKIPPED
[INFO] Struts 2 Convention Plugin ......................... SKIPPED
[INFO] Struts 2 DWR Plugin ................................ SKIPPED
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SKIPPED
[INFO] Struts 2 Jasper Reports Plugin ..................... SKIPPED
[INFO] Struts 2 Java Templates Plugin ..................... SKIPPED
[INFO] Struts 2 JFreeChart Plugin ......................... SKIPPED
[INFO] Struts 2 JSON Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SKIPPED
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SKIPPED
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 07:52 min
[INFO] Finished at: 2024-03-01T06:47:12Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-spring-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] spring-web-5.3.31.jar: CVE-2024-22243(8.1)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-spring-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-dependency-check #203
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/203/display/redirect?page=changes>
Changes:
[github] Bump net.sf.jasperreports:jasperreports from 6.20.6 to 6.21.0
[Sebastian.Peters] Update maven-war-plugin to 3.4.0
[Sebastian.Peters] Update maven-site-plugin to 3.12.1
[Sebastian.Peters] Update assertj to 3.25.2
[Sebastian.Peters] Update slf4j to 2.0.11
[Sebastian.Peters] Update jackson to 2.16.1
[Sebastian.Peters] Update spring to 5.3.31
[Sebastian.Peters] Update log4j2 to 2.21.1
[Sebastian.Peters] Update maven-dependency-plugin to 3.6.1
[Sebastian.Peters] Update maven-enforcer-plugin to 3.4.1
[Sebastian.Peters] Update commons-lang3 to 3.14.0
[Sebastian.Peters] Update commons-io to 2.15.1
[Sebastian.Peters] Update commons-text to 1.11.0
[git] WW-5391 Add interface for VelocityManager extension point
[git] WW-5391 Fix VelocityDecoratorServlet
[git] WW-5391 Migrate other usages
[git] WW-5391 Fix bean definition
[git] WW-5391 Fix serialisation warnings
[Aleksandr Mashchenko] WW-5394 Use request encoding
[github] Bump commons-logging:commons-logging from 1.2 to 1.3.0
[github] Bump actions/upload-artifact from 4.3.0 to 4.3.1
[Greg Huber] s:file shows server/file location WW-5396
[Greg Huber] s:file shows server/file location WW-5396
[Greg Huber] s:file shows server/file location WW-5396
[Greg Huber] s:file shows server/file location WW-5396
[github] Updates link to build status on Jenkins
[github] Bump org.apache.maven.doxia:doxia-core from 1.9.1 to 1.12.0
[github] Bump slf4j.version from 2.0.11 to 2.0.12
[github] Bump commons-validator:commons-validator from 1.6 to 1.8.0
[github] Bump org.apache.maven.doxia:doxia-module-markdown from 1.9.1 to 1.12.0
[github] Bump org.apache.commons:commons-compress from 1.25.0 to 1.26.0
------------------------------------------
[...truncated 1006.24 KB...]
[INFO] Running org.apache.tiles.request.collection.ScopeMapEntrySetTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.ScopeMapEntrySetTest
[INFO] Running org.apache.tiles.request.collection.CollectionUtilTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.CollectionUtilTest
[INFO] Running org.apache.tiles.request.collection.ReadOnlyEnumerationMapValuesCollectionTest
[INFO] Tests run: 16, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.ReadOnlyEnumerationMapValuesCollectionTest
[INFO] Running org.apache.tiles.request.collection.ReadOnlyEnumerationMapTest
[INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.075 s - in org.apache.tiles.request.collection.ReadOnlyEnumerationMapTest
[INFO] Running org.apache.tiles.request.collection.HeaderValuesCollectionTest
[INFO] Tests run: 16, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.HeaderValuesCollectionTest
[INFO] Running org.apache.tiles.request.collection.AddableParameterMapTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.AddableParameterMapTest
[INFO] Running org.apache.tiles.request.collection.MapEntryArrayValuesTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.MapEntryArrayValuesTest
[INFO] Running org.apache.tiles.request.collection.RemovableKeySetTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.RemovableKeySetTest
[INFO] Running org.apache.tiles.request.collection.ScopeMapTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.ScopeMapTest
[INFO] Running org.apache.tiles.request.collection.HeaderValuesMapEntrySetTest
[INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.HeaderValuesMapEntrySetTest
[INFO] Running org.apache.tiles.request.collection.MapEntryTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.MapEntryTest
[INFO] Running org.apache.tiles.request.render.ChainedDelegateRendererTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.ChainedDelegateRendererTest
[INFO] Running org.apache.tiles.request.render.DispatchRendererTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.DispatchRendererTest
[INFO] Running org.apache.tiles.request.render.NoSuchRendererExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.NoSuchRendererExceptionTest
[INFO] Running org.apache.tiles.request.render.StringRendererTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.StringRendererTest
[INFO] Running org.apache.tiles.request.render.BasicRendererFactoryTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.BasicRendererFactoryTest
[INFO] Running org.apache.tiles.request.AbstractRequestTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.AbstractRequestTest
[INFO] Running org.apache.tiles.request.RequestExceptionTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.RequestExceptionTest
[INFO] Running org.apache.tiles.request.AbstractViewRequestTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.023 s - in org.apache.tiles.request.AbstractViewRequestTest
[INFO] Running org.apache.tiles.request.DispatchRequestWrapperTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.DispatchRequestWrapperTest
[INFO] Running org.apache.tiles.request.NotAvailableFeatureExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.NotAvailableFeatureExceptionTest
[INFO] Running org.apache.tiles.request.ApplicationAccessTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.ApplicationAccessTest
[INFO] Running org.apache.tiles.request.reflect.CannotInstantiateObjectExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.reflect.CannotInstantiateObjectExceptionTest
[INFO] Running org.apache.tiles.request.reflect.ClassUtilTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.reflect.ClassUtilTest
[INFO] Running org.apache.tiles.request.AbstractClientRequestTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.014 s - in org.apache.tiles.request.AbstractClientRequestTest
[INFO] Running org.apache.tiles.request.locale.URLApplicationResourceTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.locale.URLApplicationResourceTest
[INFO] Running org.apache.tiles.request.locale.PostfixedApplicationResourceTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.locale.PostfixedApplicationResourceTest
[INFO] Running org.apache.tiles.request.locale.LocaleUtilTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.locale.LocaleUtilTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 540, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-tiles-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 483 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 482 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-tiles-plugin >>>
[INFO]
[INFO] --- enforcer:3.4.1:enforce (enforce) @ struts2-tiles-plugin ---
[INFO] Rule 0: org.apache.maven.enforcer.rules.dependency.DependencyConvergence passed
[INFO]
[INFO] --- enforcer:3.4.1:enforce (enforce-maven-version) @ struts2-tiles-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-tiles-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.12.1:attach-descriptor (attach-descriptor) @ struts2-tiles-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-tiles-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (47 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:plexus-utils_project:plexus-utils, regex=false, caseSensitive=false},}cve={CVE-2022-4244,CVE-2022-4245,CVE-2017-1000487,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus\/plexus\-container\-default@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:plexus-utils_project:plexus-utils, regex=false, caseSensitive=false},}cve={CVE-2022-4244,CVE-2022-4245,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/tiles/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2 Tiles Plugin:
javax.el-3.0.1-b12.jar (pkg:maven/org.glassfish/javax.el@3.0.1-b12) : CVE-2021-28170
See the dependency-check report for more details.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [03:18 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 3.158 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:15 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 3.221 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 4.607 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 7.869 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 5.401 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 11.704 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 8.850 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 8.532 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.642 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 14.013 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.353 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 12.265 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.542 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 9.718 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 5.027 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.869 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 9.778 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 6.082 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 7.584 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 2.500 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SUCCESS [ 3.182 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 5.414 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 9.300 s]
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SUCCESS [ 5.997 s]
[INFO] Struts 2 Tiles Plugin .............................. FAILURE [ 12.520 s]
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 08:29 min
[INFO] Finished at: 2024-02-22T10:00:22Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-tiles-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] javax.el-3.0.1-b12.jar: CVE-2021-28170(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-tiles-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-dependency-check #202
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/202/display/redirect?page=changes>
Changes:
[git] WW-5352 Introduce StrutsParameter annotation
[git] WW-5352 Introduce ThreadAllowlist bean
[git] WW-5352 First draft implementation
[git] WW-5352 Ensure allowlist is cleared if in unexpected state
[git] WW-5352 Add full unit test coverage
[git] WW-5352 Fix missing curved bracket
[git] WW-5352 Enable annotations for showcase
[git] WW-5352 Dispatcher should up thread allowlist
[git] WW-5352 Reinstate manual allowlist for generic types
[git] WW-5352 Implement auto-allowlisting for Iterator component
[git] WW-5352 Mild optimisation
[git] WW-5352 Auto allowlist parameterized types!
[git] WW-5352 Map-like type support
[git] WW-5352 Add unit test coverage for generics
[git] WW-5352 Implement transition mode
[git] WW-5352 Ensure superclasses and interfaces allowlisted
[git] WW-5352 Add debug logging for parameter rejections
[git] WW-5352 Acceptance test coverage
[git] WW-5352 Normalise parameter name
[Lukasz Lenart] Fixes excluding Plexus container in OWASP scan
[Lukasz Lenart] Drops JDK11 build and fixes duplicated steps
[s.peters] Small spelling and MD fixes (IntelliJ assisted)
[Sebastian.Peters] Mention just the maintenance branches for supported versions
[github] Stops running sonar.yml on forks
[Lukasz Lenart] WW-5360 Introduces additional countStr & indexStr to allow to ignore conversion
[github] Bump actions/upload-artifact from 4.2.0 to 4.3.0
------------------------------------------
[...truncated 6.52 KB...]
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-parent <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-parent ---
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-parent ---
[INFO] Attaching 'src/site/site.xml' site descriptor with classifier 'site'.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-parent ---
[INFO] Checking for updates
[ERROR] Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2003.meta; received response code 503; Service Unavailable
[ERROR] Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2003.meta; received response code 503; Service Unavailable
[ERROR] Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2003.meta; received response code 503; Service Unavailable
[ERROR] Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; received response code 503; Service Unavailable
[ERROR] Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; received response code 503; Service Unavailable
[ERROR] Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; received response code 503; Service Unavailable
[ERROR] Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; received response code 503; Service Unavailable
[ERROR] Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta
org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta
at org.owasp.dependencycheck.data.update.NvdCveUpdater.doMetaDownload (NvdCveUpdater.java:410)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:355)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:501)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:133)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:902)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:707)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:633)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1929)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1112)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:283)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:226)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:407)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:348)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to retrieve 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta'; Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; unable to connect.
at org.owasp.dependencycheck.utils.Downloader.fetchContent (Downloader.java:187)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.doMetaDownload (NvdCveUpdater.java:381)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:355)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:501)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:133)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:902)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:707)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:633)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1929)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1112)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:283)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:226)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:407)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:348)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; unable to connect.
at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection (HttpResourceConnection.java:267)
at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch (HttpResourceConnection.java:163)
at org.owasp.dependencycheck.utils.Downloader.fetchContent (Downloader.java:182)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.doMetaDownload (NvdCveUpdater.java:381)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:355)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:501)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:133)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:902)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:707)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:633)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1929)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1112)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:283)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:226)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:407)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:348)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; received response code 503; Service Unavailable
at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection (HttpResourceConnection.java:249)
at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch (HttpResourceConnection.java:163)
at org.owasp.dependencycheck.utils.Downloader.fetchContent (Downloader.java:182)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.doMetaDownload (NvdCveUpdater.java:381)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:355)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:501)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:133)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:902)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:707)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:633)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1929)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1112)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:283)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:226)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:407)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:348)
[INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
[INFO] Begin database defrag
[INFO] End database defrag (8451 ms)
[WARNING] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... FAILURE [02:04 min]
[INFO] Struts 2 Bill of Materials ......................... SKIPPED
[INFO] Struts 2 Core ...................................... SKIPPED
[INFO] Struts 2 Plugins ................................... SKIPPED
[INFO] Struts 2 Async Plugin .............................. SKIPPED
[INFO] Struts 2 Bean Validation Plugin .................... SKIPPED
[INFO] Struts 2 CDI Plugin ................................ SKIPPED
[INFO] Struts 2 Spring Plugin ............................. SKIPPED
[INFO] Struts 2 JUnit Plugin .............................. SKIPPED
[INFO] Struts 2 Velocity Plugin ........................... SKIPPED
[INFO] Struts 2 Configuration Browser Plugin .............. SKIPPED
[INFO] Struts 2 Convention Plugin ......................... SKIPPED
[INFO] Struts 2 DWR Plugin ................................ SKIPPED
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SKIPPED
[INFO] Struts 2 Jasper Reports Plugin ..................... SKIPPED
[INFO] Struts 2 Java Templates Plugin ..................... SKIPPED
[INFO] Struts 2 JFreeChart Plugin ......................... SKIPPED
[INFO] Struts 2 JSON Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SKIPPED
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SKIPPED
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 02:06 min
[INFO] Finished at: 2024-02-01T06:41:20Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-parent: Fatal exception(s) analyzing Struts 2: One or more exceptions occurred during analysis:
[ERROR] UpdateException: Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta
[ERROR] caused by DownloadFailedException: Download failed, unable to retrieve 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta'; Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; unable to connect.
[ERROR] caused by DownloadFailedException: Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; unable to connect.
[ERROR] caused by DownloadFailedException: Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; received response code 503; Service Unavailable
[ERROR] NoDataException: No documents exist
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-dependency-check #201
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/201/display/redirect>
Changes:
------------------------------------------
[...truncated 952.60 KB...]
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/pell-multipart/target/dependency-check-report.html>
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO]
[INFO] --------------< org.apache.struts:struts2-plexus-plugin >---------------
[INFO] Building DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 6.4.0-SNAPSHOT [23/39]
[INFO] from plugins/plexus/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-plexus-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-plexus-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 5 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/plexus/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-plexus-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/plexus/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/plexus/src/test/resources>
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-plexus-plugin ---
[INFO] No sources to compile
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-plexus-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 9 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 8 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-plexus-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-plexus-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-plexus-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-plexus-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (66 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Directory traversal in org.codehaus.plexus.util.Expand, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Possible XML Injection, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/plexus/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0:
plexus-container-default-1.0-alpha-10.jar (pkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-10, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0:pha-10:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
plexus-utils-1.2.jar (pkg:maven/org.codehaus.plexus/plexus-utils@1.2, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.2:*:*:*:*:*:*:*, cpe:2.3:a:utils_project:utils:1.2:*:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
See the dependency-check report for more details.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [03:16 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 3.346 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:17 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 3.614 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 5.207 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 8.434 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 5.655 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 11.984 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 9.281 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 9.388 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 4.244 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 14.422 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.199 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 11.611 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 4.852 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 10.122 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 5.495 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 6.424 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 10.226 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 7.444 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 8.262 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 3.262 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... FAILURE [ 3.827 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 08:06 min
[INFO] Finished at: 2024-01-22T08:18:59Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-plexus-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] plexus-container-default-1.0-alpha-10.jar: CVE-2022-4244(7.5)
[ERROR] plexus-utils-1.2.jar: CVE-2022-4244(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-plexus-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #200
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/200/display/redirect?page=changes>
Changes:
[Lukasz Lenart] WW-5362 Removes type attribute out of <s:script/> tag
[github] Bump actions/upload-artifact from 3.1.3 to 4.0.0
[github] Bump org.apache.commons:commons-compress from 1.23.0 to 1.24.0
[github] WW-5362 Removes language attribute
[github] WW-5362 Removes deprecated language attribute
[git] WW-5378 Assorted refactor and clean up
[git] WW-5378 Add option to disable ValueStack context fallback
[git] WW-5379 Implement alternative mechanism for Velocity directives to obtain ValueStack
[git] WW-5379 Add support for internal and chained contexts
[git] WW-5379 Fix not looking in chained contexts' chained contexts
[git] WW-5381 Introduce RootAccessor interface for extension point
[git] WW-5381 Introduce extension point for CompoundRootAccessor
[git] WW-5381 Introduce extension point for MethodAccessor
[git] WW-5382 Fix StrutsInternalTestCase
[git] WW-5382 Fix stale injections in Dispatcher
[git] WW-5382 Fix stale bootstrap context on ActionContext
[github] Bump org.apache.commons:commons-compress from 1.23.0 to 1.25.0
[git] WW-5382 Rework existing Dispatcher tests and base test classes
[git] WW-5382 Add test for Dispatcher reinjection
[git] WW-5382 Delete redundant code
[git] WW-5382 Rework Dispatcher injections
[git] WW-5382 Update Dispatcher#getContainer JavaDoc
[git] WW-5364 Add String.class to system allowlist
[git] WW-5379 Use ValueStackProvider marker interface for Velocity context implementation flexibility
[git] WW-5352 Repackage ParametersInterceptor and related classes
[git] WW-5352 Fix SonarCloud logging warnings
[git] WW-5352 Move ParameterNameAware and ParameterValueAware
[git] WW-5352 Refactor ParametersInterceptor
[git] WW-5381 Revert bean removal for backwards compatibility
[git] WW-5381 Revert bean removals for backwards compatibility
[git] WW-5352 Gut deprecated interfaces
[Lukasz Lenart] WW-5383 Updates RegEx to excludes JARs by default
[git] WW-5352 Do not use setter notation for helper methods
[git] WW-5352 Rename acceptable name/value methods
[git] WW-5381 Reimplement ability to register additional MethodAccessors
[git] WW-5381 Remove unnecessary/confusing parameters
[Lukasz Lenart] Stops cleaning nightlies to allow to coexist different versions
[Lukasz Lenart] WW-5365 Reverts changes introduced in WW-5192 to allow evaluate the value attribute
[github] Bump org.apache.maven.plugins:maven-release-plugin
[Lukasz Lenart] Reduces log level to debug to reduce noise in the logs
[git] WW-5352 Clean up OgnlValueStackTest
[git] WW-5352 Move method to XWorkTestCase
[github] Bump actions/upload-artifact from 4.0.0 to 4.1.0
[Lukasz Lenart] WW-5387 Fixes remove() signature
[Lukasz Lenart] WW-5374 Allows to prepend reportUri with Servlet context
[Lukasz Lenart] WW-5369 Re-define minimal library set
[Lukasz Lenart] WW-5374 Uses @code instead of <tt/>
[Lukasz Lenart] WW-5374 Adds additional test case to cover disabling prepending context
[Lukasz Lenart] WW-5357 Adds support for disabled attribute to anchor tag
[Lukasz Lenart] Extends sleep period to avoid breaking a build
[Sebastian.Peters] Upgrade maven to 3.9.6 and wrapper to 3.2.0
[github] Bump actions/upload-artifact from 4.1.0 to 4.2.0
------------------------------------------
[...truncated 925.14 KB...]
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/pell-multipart/target/dependency-check-report.html>
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO]
[INFO] --------------< org.apache.struts:struts2-plexus-plugin >---------------
[INFO] Building DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 6.4.0-SNAPSHOT [23/39]
[INFO] from plugins/plexus/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-plexus-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-plexus-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-plexus-plugin ---
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/test/resources>
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-plexus-plugin ---
[INFO] No sources to compile
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-plexus-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 9 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 8 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-plexus-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-plexus-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-plexus-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-plexus-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (37 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Directory traversal in org.codehaus.plexus.util.Expand, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Possible XML Injection, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0:
plexus-container-default-1.0-alpha-10.jar (pkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-10, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0:pha-10:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
plexus-utils-1.2.jar (pkg:maven/org.codehaus.plexus/plexus-utils@1.2, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.2:*:*:*:*:*:*:*, cpe:2.3:a:utils_project:utils:1.2:*:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
See the dependency-check report for more details.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [02:57 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 3.065 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:09 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.504 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 3.878 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 6.973 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 4.807 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 10.091 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 8.174 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 9.030 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.690 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 16.222 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.078 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 9.757 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.655 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 10.551 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 4.509 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 6.157 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 8.949 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 5.755 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 7.093 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 2.893 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... FAILURE [ 3.001 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 07:23 min
[INFO] Finished at: 2024-01-22T06:08:38Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-plexus-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] plexus-container-default-1.0-alpha-10.jar: CVE-2022-4244(7.5)
[ERROR] plexus-utils-1.2.jar: CVE-2022-4244(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-plexus-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #199
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/199/display/redirect>
Changes:
------------------------------------------
[...truncated 933.59 KB...]
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/pell-multipart/target/dependency-check-report.html>
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO]
[INFO] --------------< org.apache.struts:struts2-plexus-plugin >---------------
[INFO] Building DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 6.4.0-SNAPSHOT [23/39]
[INFO] from plugins/plexus/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-plexus-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-plexus-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 5 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-plexus-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/test/resources>
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-plexus-plugin ---
[INFO] No sources to compile
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-plexus-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 9 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 8 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-plexus-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-plexus-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-plexus-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-plexus-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (68 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Directory traversal in org.codehaus.plexus.util.Expand, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Possible XML Injection, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0:
plexus-container-default-1.0-alpha-10.jar (pkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-10, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0:pha-10:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
plexus-utils-1.2.jar (pkg:maven/org.codehaus.plexus/plexus-utils@1.2, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.2:*:*:*:*:*:*:*, cpe:2.3:a:utils_project:utils:1.2:*:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
See the dependency-check report for more details.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [03:23 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.723 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:16 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.664 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 4.034 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 7.282 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 5.276 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 11.558 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 8.336 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 9.245 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.639 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 14.776 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.610 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 10.803 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.467 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 11.738 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 4.898 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.968 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 9.914 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 6.142 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 7.215 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 2.445 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... FAILURE [ 3.162 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 08:00 min
[INFO] Finished at: 2024-01-01T06:09:17Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-plexus-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] plexus-container-default-1.0-alpha-10.jar: CVE-2022-4244(7.5)
[ERROR] plexus-utils-1.2.jar: CVE-2022-4244(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-plexus-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #198
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/198/display/redirect?page=changes>
Changes:
[git] WW-5364 Modify XmlDocConfigurationProvider to be able to load into allowlist
[git] WW-5364 Make allowlist classloader specific
[git] WW-5364 Implement provider allowlist
[git] WW-5364 Inject ProviderAllowlist into SecurityMemberAccess
[git] WW-5364 Enable allowlist for showcase
[git] WW-5364 Add Struts components to allowlist
[git] WW-5364 Don't throw ConfigurationException on unloadable action or interceptor classes
[git] WW-5364 Replace some allowlist classes with packages
[git] WW-5343 Collect bootstrap factories
[git] WW-5343 Add unit test coverage for ProviderAllowlist
[git] WW-5343 Move JUnit4 test case into Struts-core
[github] Bump actions/setup-java from 3 to 4 (#804)
[git] WW-5343 Add integration tests for ConfigurationProvider populating ProviderAllowlist
[git] WW-5343 Add missing licenses
[git] WW-5343 Make StrutsTestCase extend same package
[git] WW-5339 Make ClassResolver a bean
[git] WW-5339 Add option to block custom OGNL maps
[Lukasz Lenart] WW-5370 Makes HttpParameters case-insensitive
[Lukasz Lenart] WW-5371 Implements action based file upload
[Lukasz Lenart] WW-5371 Uses the new upload mechanism in Showcase app
[Lukasz Lenart] WW-5371 Simplifies file upload logic and extracts constants
[Lukasz Lenart] WW-5371 Document how to use the new file upload logic
[Lukasz Lenart] WW-5370 Uses TreeMap with case-insensitive comparator
[Lukasz Lenart] WW-5370 Simplifies code
[Lukasz Lenart] WW-5370 Adds proper logic to handle null
[Lukasz Lenart] WW-5370 Simplifies error handling logic
[Lukasz Lenart] WW-5328 Removes deprecated setters
[Lukasz Lenart] Builds Struts 7 as part of the main pipeline
[github] Update CspReportAction.java WW-5373
[git] WW-5364 Add missing system allowlist classes
[github] Bump github/codeql-action from 2 to 3
------------------------------------------
[...truncated 936.07 KB...]
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/pell-multipart/target/dependency-check-report.html>
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO]
[INFO] --------------< org.apache.struts:struts2-plexus-plugin >---------------
[INFO] Building DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 6.4.0-SNAPSHOT [23/39]
[INFO] from plugins/plexus/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-plexus-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-plexus-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 5 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-plexus-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/test/resources>
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-plexus-plugin ---
[INFO] No sources to compile
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-plexus-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 9 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 8 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-plexus-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-plexus-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-plexus-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-plexus-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (50 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Directory traversal in org.codehaus.plexus.util.Expand, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Possible XML Injection, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0:
plexus-container-default-1.0-alpha-10.jar (pkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-10, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0:pha-10:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
plexus-utils-1.2.jar (pkg:maven/org.codehaus.plexus/plexus-utils@1.2, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.2:*:*:*:*:*:*:*, cpe:2.3:a:utils_project:utils:1.2:*:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
See the dependency-check report for more details.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [04:15 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.859 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:19 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.685 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 4.525 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 8.175 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 5.291 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 10.804 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 8.149 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 9.325 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.708 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 13.603 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.528 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 11.561 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.828 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 9.234 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 4.983 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.868 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 10.074 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 6.176 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 8.583 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 2.178 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... FAILURE [ 2.924 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 08:54 min
[INFO] Finished at: 2023-12-22T06:10:12Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-plexus-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] plexus-container-default-1.0-alpha-10.jar: CVE-2022-4244(7.5)
[ERROR] plexus-utils-1.2.jar: CVE-2022-4244(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-plexus-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #197
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/197/display/redirect?page=changes>
Changes:
[git] WW-5343 Delete unused code and consolidate constructors
[git] WW-5343 Extract ConfigParseUtil
[git] WW-5343 Extract deprecated methods as default interface methods
[git] WW-5343 Deprecate unnecessary setter
[git] WW-5343 Make SecurityMemberAccess a prototype bean
[git] WW-5343 Refactor OgnlValueStackFactory to utilise SecurityMemberAccess bean
[git] WW-5343 Update OgnlUtil#createDefaultContext to utilise SecurityMemberAccess bean
[git] WW-5343 Move configuration injection from OgnlUtil to SecurityMemberAccess
[git] WW-5343 Fix OgnlUtilTest#testBeanMapExpressions
[git] WW-5343 Fix unit test compilation errors
[git] WW-5343 Remove unnecessary method
[git] WW-5343 Add missing license
[git] WW-5343 Revert and fix serializability
[git] WW-5343 Fix MemberAccess access blocked tests
[git] WW-5343 Remove defunct test now that constant is required
[github] Bump jackson.version from 2.15.3 to 2.16.0
[git] WW-5343 Migrate tests to SecurityMemberAccessTest
[git] WW-5343 Fix final test
[git] WW-5343 Clean up bootstrap constants
[git] WW-5343 Address SonarCloud code smells
------------------------------------------
[...truncated 850.65 KB...]
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/pell-multipart/target/dependency-check-report.html>
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO]
[INFO] --------------< org.apache.struts:struts2-plexus-plugin >---------------
[INFO] Building DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 6.4.0-SNAPSHOT [23/39]
[INFO] from plugins/plexus/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-plexus-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-plexus-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-plexus-plugin ---
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/test/resources>
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-plexus-plugin ---
[INFO] No sources to compile
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-plexus-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 9 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 8 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-plexus-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-plexus-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-plexus-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-plexus-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (32 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Directory traversal in org.codehaus.plexus.util.Expand, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Possible XML Injection, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0:
plexus-container-default-1.0-alpha-10.jar (pkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-10, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0:pha-10:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
plexus-utils-1.2.jar (pkg:maven/org.codehaus.plexus/plexus-utils@1.2, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.2:*:*:*:*:*:*:*, cpe:2.3:a:utils_project:utils:1.2:*:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
See the dependency-check report for more details.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [ 53.610 s]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.701 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:15 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.410 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 4.063 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 7.343 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 4.713 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 9.569 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 7.918 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 8.269 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.325 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 12.392 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.432 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 9.300 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.350 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 10.542 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 4.361 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.728 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 9.341 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 5.557 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 6.969 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 2.287 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... FAILURE [ 3.016 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:17 min
[INFO] Finished at: 2023-12-01T06:06:31Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-plexus-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] plexus-container-default-1.0-alpha-10.jar: CVE-2022-4244(7.5)
[ERROR] plexus-utils-1.2.jar: CVE-2022-4244(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-plexus-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #196
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/196/display/redirect?page=changes>
Changes:
[git] WW-5350 Refactor SecurityMemberAccess
[git] WW-5350 Fix static member test
[git] WW-5350 Fix argument validation
[git] WW-5350 Make property matching code more succinct
[git] WW-5350 See target to null in special case
[git] WW-5350 Implement OGNL Allowlist capability
[github] Bump slf4j.version from 2.0.7 to 2.0.9
[github] Bump net.sf.jasperreports:jasperreports from 6.20.5 to 6.20.6
[git] WW-5350 Fix mismatched logging
[Lukasz Lenart] WW-5333 Refactors AttributeMap
[Lukasz Lenart] Uses the new notifications@ list for all the messages form Github
[git] WW-5363 Velocity: read chained contexts before ValueStack
[git] WW-5363 Add test coverage
[git] WW-5363 Fix super#internalGet
[git] WW-5363 Improve code coverage
[Lukasz Lenart] Send Jenkins notifications to the notifications@ list
[git] WW-5363 Remove redundant method from VelocityManager
------------------------------------------
[...truncated 882.50 KB...]
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/pell-multipart/target/dependency-check-report.html>
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO]
[INFO] --------------< org.apache.struts:struts2-plexus-plugin >---------------
[INFO] Building DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 6.4.0-SNAPSHOT [23/39]
[INFO] from plugins/plexus/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-plexus-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-plexus-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 5 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-plexus-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/test/resources>
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-plexus-plugin ---
[INFO] No sources to compile
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-plexus-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 9 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 8 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-plexus-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-plexus-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-plexus-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-plexus-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (30 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Directory traversal in org.codehaus.plexus.util.Expand, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Possible XML Injection, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0:
plexus-container-default-1.0-alpha-10.jar (pkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-10, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0:pha-10:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
plexus-utils-1.2.jar (pkg:maven/org.codehaus.plexus/plexus-utils@1.2, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.2:*:*:*:*:*:*:*, cpe:2.3:a:utils_project:utils:1.2:*:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
See the dependency-check report for more details.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [03:29 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.586 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:00 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.411 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 4.013 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 7.267 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 4.909 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 9.933 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 7.438 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 8.729 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.493 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 12.663 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.243 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 10.561 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.217 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 10.311 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 4.551 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.427 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 8.777 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 5.953 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 6.881 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 2.476 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... FAILURE [ 3.014 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 07:39 min
[INFO] Finished at: 2023-11-22T06:08:56Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-plexus-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] plexus-container-default-1.0-alpha-10.jar: CVE-2022-4244(7.5)
[ERROR] plexus-utils-1.2.jar: CVE-2022-4244(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-plexus-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #195
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/195/display/redirect?page=changes>
Changes:
[github] Bump org.owasp:dependency-check-maven from 7.2.0 to 8.4.2
[tatsuo.tsuchie] Improved charset retrieval to get only once.
[github] Update core/src/main/java/org/apache/struts2/url/StrutsUrlDecoder.java
[github] Update core/src/main/java/org/apache/struts2/url/StrutsUrlDecoder.java
[git] WW-5358 Expand exclusion lists
[github] Bump ossf/scorecard-action from 2.3.0 to 2.3.1
[github] Bump junit:junit from 4.13.1 to 4.13.2
[github] Bump org.jacoco:jacoco-maven-plugin from 0.8.8 to 0.8.11
------------------------------------------
[...truncated 587.70 KB...]
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.017 s - in com.opensymphony.xwork2.util.fs.DefaultFileManagerFactoryTest
[INFO] Running com.opensymphony.xwork2.util.fs.JarEntryRevisionTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.247 s - in com.opensymphony.xwork2.util.fs.JarEntryRevisionTest
[INFO] Running com.opensymphony.xwork2.util.ResolverUtilTest
2023-11-01 06:03:37,826 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [<https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/test-classes/com]> matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:37,854 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [<https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/classes/com]> matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:37,879 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [/home/jenkins/.m2/repository/com/github/ben-manes/caffeine/caffeine/2.9.3/caffeine-2.9.3.jar] matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:38,124 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [/home/jenkins/.m2/repository/com/google/errorprone/error_prone_annotations/2.10.0/error_prone_annotations-2.10.0.jar] matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:38,130 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [/home/jenkins/.m2/repository/mockobjects/mockobjects-jdk1.3/0.09/mockobjects-jdk1.3-0.09.jar] matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:38,152 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [/home/jenkins/.m2/repository/mockobjects/mockobjects-jdk1.3-j2ee1.3/0.09/mockobjects-jdk1.3-j2ee1.3-0.09.jar] matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:38,154 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockConnection.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/Connection
2023-11-01 06:03:38,154 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockMapMessage.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/MapMessage
2023-11-01 06:03:38,155 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockMessage.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/Message
2023-11-01 06:03:38,156 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockMessageConsumer.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/MessageConsumer
2023-11-01 06:03:38,156 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockMessageProducer.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/MessageProducer
2023-11-01 06:03:38,157 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockMessagePublisher.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/MessageProducer
2023-11-01 06:03:38,157 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockObjectMessage.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/ObjectMessage
2023-11-01 06:03:38,158 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockQueue.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/Queue
2023-11-01 06:03:38,158 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockQueueConnection.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/QueueConnection
2023-11-01 06:03:38,159 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockQueueConnectionFactory.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/QueueConnectionFactory
2023-11-01 06:03:38,159 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockQueueReceiver.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/QueueReceiver
2023-11-01 06:03:38,160 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockQueueSender.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/QueueSender
2023-11-01 06:03:38,161 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockQueueSession.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/QueueSession
2023-11-01 06:03:38,161 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockSession.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/Session
2023-11-01 06:03:38,162 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockTemporaryQueue.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/TemporaryQueue
2023-11-01 06:03:38,162 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockTextMessage.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/TextMessage
2023-11-01 06:03:38,163 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockTopic.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/Topic
2023-11-01 06:03:38,163 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockTopicConnection.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/TopicConnection
2023-11-01 06:03:38,164 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockTopicConnectionFactory.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/TopicConnectionFactory
2023-11-01 06:03:38,164 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockTopicPublisher.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/TopicPublisher
2023-11-01 06:03:38,165 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockTopicSession.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/TopicSession
2023-11-01 06:03:38,165 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockTopicSubscriber.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/TopicSubscriber
2023-11-01 06:03:38,185 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [/home/jenkins/.m2/repository/mockobjects/mockobjects-core/0.09/mockobjects-core-0.09.jar] matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:38,195 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [/home/jenkins/.m2/repository/com/beust/jcommander/1.78/jcommander-1.78.jar] matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:38,217 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [<https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/test-classes/com/opensymphony/xwork2/util]> matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:38,219 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [<https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/classes/com/opensymphony/xwork2/util]> matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:38,221 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [<https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/test-classes/]> matching criteria: named /xwork-default.xml
2023-11-01 06:03:38,344 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [<https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/classes/]> matching criteria: named /xwork-default.xml
2023-11-01 06:03:38,464 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [<https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/test-classes/com/opensymphony]> matching criteria: named /SimpleAction.properties
2023-11-01 06:03:38,482 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [<https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/classes/com/opensymphony]> matching criteria: named /SimpleAction.properties
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.67 s - in com.opensymphony.xwork2.util.ResolverUtilTest
[INFO] Running com.opensymphony.xwork2.util.WildcardHelperTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in com.opensymphony.xwork2.util.WildcardHelperTest
[INFO] Running com.opensymphony.xwork2.util.ClassLoaderUtilTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in com.opensymphony.xwork2.util.ClassLoaderUtilTest
[INFO] Running com.opensymphony.xwork2.util.WildcardUtilTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in com.opensymphony.xwork2.util.WildcardUtilTest
[INFO] Running com.opensymphony.xwork2.util.StrutsLocalizedTextProviderTest
default message
2023-11-01 06:03:38,620 WARN [main] util.StrutsLocalizedTextProvider (StrutsLocalizedTextProvider.java:228) - Trying to find text with null key!
2023-11-01 06:03:38,822 WARN [main] util.StrutsLocalizedTextProvider (StrutsLocalizedTextProvider.java:228) - Trying to find text with null key!
2023-11-01 06:03:38,822 WARN [main] util.StrutsLocalizedTextProvider (StrutsLocalizedTextProvider.java:228) - Trying to find text with null key!
2023-11-01 06:03:38,823 WARN [main] util.StrutsLocalizedTextProvider (StrutsLocalizedTextProvider.java:228) - Trying to find text with null key!
2023-11-01 06:03:38,823 WARN [main] util.StrutsLocalizedTextProvider (StrutsLocalizedTextProvider.java:228) - Trying to find text with null key!
action property
Foo Range Message
non.existant
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.603 s - in com.opensymphony.xwork2.util.StrutsLocalizedTextProviderTest
[INFO] Running com.opensymphony.xwork2.util.GetPropertiesTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in com.opensymphony.xwork2.util.GetPropertiesTest
[INFO] Running com.opensymphony.xwork2.util.TextParseUtilTest
[INFO] Tests run: 12, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.047 s - in com.opensymphony.xwork2.util.TextParseUtilTest
[INFO] Running com.opensymphony.xwork2.util.NamedVariablePatternMatcherTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in com.opensymphony.xwork2.util.NamedVariablePatternMatcherTest
[INFO] Running com.opensymphony.xwork2.util.location.LocationUtilsTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in com.opensymphony.xwork2.util.location.LocationUtilsTest
[INFO] Running com.opensymphony.xwork2.util.location.LocationAttributesTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in com.opensymphony.xwork2.util.location.LocationAttributesTest
[INFO] Running com.opensymphony.xwork2.util.location.LocationImplTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in com.opensymphony.xwork2.util.location.LocationImplTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 2493, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-core ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 1508 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 1501 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-core ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/struts2-core-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-core >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-core ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-core ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-core <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-core ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/struts2-core-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-core ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-core ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (9 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[ERROR] Exception occurred initializing RetireJS Analyzer.
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:plexus-utils_project:plexus-utils, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-1000487, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Directory traversal in org.codehaus.plexus.util.Expand, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Possible XML Injection, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (4 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/dependency-check-report.html>
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [ 9.824 s]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.317 s]
[INFO] Struts 2 Core ...................................... FAILURE [02:13 min]
[INFO] Struts 2 Plugins ................................... SKIPPED
[INFO] Struts 2 Async Plugin .............................. SKIPPED
[INFO] Struts 2 Bean Validation Plugin .................... SKIPPED
[INFO] Struts 2 CDI Plugin ................................ SKIPPED
[INFO] Struts 2 Spring Plugin ............................. SKIPPED
[INFO] Struts 2 JUnit Plugin .............................. SKIPPED
[INFO] Struts 2 Velocity Plugin ........................... SKIPPED
[INFO] Struts 2 Configuration Browser Plugin .............. SKIPPED
[INFO] Struts 2 Convention Plugin ......................... SKIPPED
[INFO] Struts 2 DWR Plugin ................................ SKIPPED
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SKIPPED
[INFO] Struts 2 Jasper Reports Plugin ..................... SKIPPED
[INFO] Struts 2 Java Templates Plugin ..................... SKIPPED
[INFO] Struts 2 JFreeChart Plugin ......................... SKIPPED
[INFO] Struts 2 JSON Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SKIPPED
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SKIPPED
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 02:27 min
[INFO] Finished at: 2023-11-01T06:03:46Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-core: One or more exceptions occurred during dependency-check analysis: One or more exceptions occurred during analysis:
[ERROR] InitializationException: Failed to initialize the RetireJS repo: `/tmp/dctemp67b50464-6e9f-40dd-b272-4d3520837cef/jsrepository.json` appears to be malformed. Please delete the file or run the dependency-check purge command and re-try running dependency-check.
[ERROR] caused by JSONException: No value for info
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-core
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #194
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/194/display/redirect?page=changes>
Changes:
[github] Bump org.jfree:jfreechart from 1.5.1 to 1.5.4
[Lukasz Lenart] WW-5347 Upgrades to commons-digester3 ver 3.2
[Lukasz Lenart] WW-5338 Removes deprecated OgnTool
[Lukasz Lenart] WW-5338 Removes also deprecated constant in ContextUtil
[Lukasz Lenart] WW-5344 Un-deprecates Sitemesh plugin and upgrades Sitmesh to ver 2.5.0
[git] WW-5340 Mild refactor StrutsOgnlGuard for easier subclassing
[git] WW-5340 Add debug logging for rejected form fields
[git] WW-5340 Sanitize field names before logging
[github] Bump ossf/scorecard-action from 2.2.0 to 2.3.0
[git] WW-5349 Remove Struts core dependency on OGNL VarRefs
[git] WW-5349 Remove corresponding unit tests
[git] Add JDK 21 build
[git] Fix JDK 21 build
[git] Convert test class to JUnit4
[git] Upgrade EasyMock
[git] WW-5354 Ensure ActionSupport fields are not parameter injectable
[git] WW-5355 Use LRU cache by default
[git] WW-5355 Prevent AtomicInteger being initialised to zero
[git] WW-5355 Initial Caffeine cache implementation
[git] WW-5355 Fix eviction limit in LRU cache not being enforced
[git] WW-5355 Update JavaDoc for basic and LRU cache
[git] WW-5355 Introduce new Struts constants and their defaults
[git] WW-5355 Unify bootstrap constant declaration
[git] WW-5355 Introduce new cache type selection methods and deprecate problematic setter injection
[git] Upgrade Jackson and remove unnecessary transitive override
[git] Unify HtmlUnit versions
[git] Upgrade ASM and exclude conflicting artifact
[git] WW-5355 Downgrade Caffeine version
[git] WW-5355 Fix interface and unit test bug
[git] WW-5355 Address code smells
[git] WW-5355 Delegate deprecated constructor
[git] WW-5355 Extract constants into static final fields
[git] WW-5355 Declare bootstrap constants as final field instead
[git] WW-5355 Add since tags to StrutsConstants JavaDoc
[github] Bump org.codehaus.mojo:versions-maven-plugin from 2.7 to 2.16.1
[git] WW-5355 Amend Caffeine cache implementation
[git] WW-5355 Rename cache types
[git] WW-5355 Bootstrap using basic cache
------------------------------------------
[...truncated 768.35 KB...]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-pell-multipart-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/pell-multipart/src/test/resources>
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-pell-multipart-plugin ---
[INFO] No sources to compile
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-pell-multipart-plugin ---
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-pell-multipart-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 5 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 4 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-pell-multipart-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/pell-multipart/target/struts2-pell-multipart-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-pell-multipart-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-pell-multipart-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-pell-multipart-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-pell-multipart-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-pell-multipart-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/pell-multipart/target/struts2-pell-multipart-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-pell-multipart-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-pell-multipart-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (32 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/pell-multipart/target/dependency-check-report.html>
[INFO]
[INFO] --------------< org.apache.struts:struts2-plexus-plugin >---------------
[INFO] Building DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 6.4.0-SNAPSHOT [23/39]
[INFO] from plugins/plexus/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-plexus-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-plexus-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 5 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-plexus-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/test/resources>
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-plexus-plugin ---
[INFO] No sources to compile
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-plexus-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 9 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 8 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-plexus-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-plexus-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-plexus-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-plexus-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (32 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0:
plexus-container-default-1.0-alpha-10.jar (pkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-10, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0:pha-10:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
plexus-utils-1.2.jar (pkg:maven/org.codehaus.plexus/plexus-utils@1.2, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.2:*:*:*:*:*:*:*, cpe:2.3:a:utils_project:utils:1.2:*:*:*:*:*:*:*) : CVE-2022-4244, CVE-2021-4277, CVE-2022-4245
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [01:01 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.608 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:04 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.259 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 3.816 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 6.701 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 4.796 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 9.767 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 7.601 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 7.814 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.289 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 12.796 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.346 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 10.804 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.175 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 8.195 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 4.300 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.852 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 9.012 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 5.913 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 6.674 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 2.248 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... FAILURE [ 2.820 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:11 min
[INFO] Finished at: 2023-10-22T06:06:38Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-plexus-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] plexus-container-default-1.0-alpha-10.jar: CVE-2022-4244(7.5)
[ERROR] plexus-utils-1.2.jar: CVE-2022-4244(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-plexus-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #193
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/193/display/redirect?page=changes>
Changes:
[git] WW-5341 Refactor SecurityMemberAccess methods for reuse
[git] WW-5341 Clean up SecurityMemberAccess#restore
[git] WW-5341 Further refactor of OgnlUtil and SecurityMemberAccess to store excluded classes as Strings
[git] WW-5341 Move proxy check to be first
[git] WW-5341 Split package exclusion check
[git] WW-5341 Clean up OgnlUtilTest
[git] WW-5341 Add unit test for excluded pattern validation
[git] WW-5341 Fix default ClassLoader
[git] WW-5342 Ban use of default package
[git] WW-5341 Make validation more efficient
[git] WW-5339 Clean up OgnlValueStackTest
[git] WW-5339 Misc clean up in CompoundRootAccessor
[git] WW-5342 Implement default off option
[git] WW-5342 Optimise package exclusion check
[git] WW-5340 Refactor OgnlUtil, specifically calls to Ognl#getValue,setValue,parseExpression
[git] WW-5340 Remove redundant check on #setValue
[git] WW-5340 Rename functional interface
[git] WW-5340 Fix OgnlReflectionProvider bypassing OgnlUtil
[hepptho-github.sbd2s] replace BeanManager::createInjectionTarget
[hepptho-github.sbd2s] indent CdiObjectFactory with 4 spaces everywhere
[git] Split SonarCloud into separate action
[git] WW-5340 Introducing OGNL Guard
[git] WW-5340 Fix tests
[git] WW-5340 Make OgnlGuard a configurable bean
[git] WW-5340 Cache OgnlGuard result
[git] WW-5340 Add validation to excluded node configuration
[git] WW-5340 Add unit tests
[git] WW-5340 Refactor OgnlGuard to do the parsing
[git] WW-5340 Correct optimisation
[git] WW-5340 Rename DefaultOgnlGuard to StrutsOgnlGuard
[git] WW-5340 Repackage OgnlGuard
[git] WW-5340 Rename blocked by OgnlGuard string
[git] WW-5340 Make excludedNodeTypes protected for subclassing versatility
[git] WW-5348 Introduce protected #logPatternChange method
------------------------------------------
[...truncated 824.34 KB...]
[INFO] Running org.apache.tiles.request.reflect.ClassUtilTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.reflect.ClassUtilTest
[INFO] Running org.apache.tiles.web.jsp.taglib.UseAttributeTagTest
[INFO] Tests run: 9, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.053 s - in org.apache.tiles.web.jsp.taglib.UseAttributeTagTest
[INFO] Running org.apache.tiles.web.startup.AbstractTilesListenerTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.023 s - in org.apache.tiles.web.startup.AbstractTilesListenerTest
[INFO] Running org.apache.tiles.template.AddListAttributeModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.AddListAttributeModelTest
[INFO] Running org.apache.tiles.template.InsertDefinitionModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.InsertDefinitionModelTest
[INFO] Running org.apache.tiles.template.AddAttributeModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.template.AddAttributeModelTest
[INFO] Running org.apache.tiles.template.PutAttributeModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.PutAttributeModelTest
[INFO] Running org.apache.tiles.template.DefinitionModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.DefinitionModelTest
[INFO] Running org.apache.tiles.template.PutListAttributeModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.PutListAttributeModelTest
[INFO] Running org.apache.tiles.template.InsertTemplateModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.InsertTemplateModelTest
[INFO] Running org.apache.tiles.template.SetCurrentContainerModelTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.SetCurrentContainerModelTest
[INFO] Running org.apache.tiles.template.InsertAttributeModelTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.InsertAttributeModelTest
[INFO] Running org.apache.tiles.template.ImportAttributeModelTest
[INFO] Tests run: 9, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.ImportAttributeModelTest
[INFO] Running org.apache.tiles.template.GetAsStringModelTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.GetAsStringModelTest
[INFO] Running org.apache.tiles.template.DefaultAttributeResolverTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.DefaultAttributeResolverTest
[INFO] Running org.apache.tiles.template.ComposeStackUtilTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.ComposeStackUtilTest
[INFO] Running org.apache.tiles.autotag.model.TemplateClassTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.006 s - in org.apache.tiles.autotag.model.TemplateClassTest
[INFO] Running org.apache.tiles.autotag.model.TemplateParameterTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.autotag.model.TemplateParameterTest
[INFO] Running org.apache.tiles.autotag.model.TemplateSuiteTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.autotag.model.TemplateSuiteTest
[INFO] Running org.apache.tiles.autotag.model.TemplateMethodTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.autotag.model.TemplateMethodTest
[INFO] Running org.apache.tiles.autotag.runtime.AbstractModelBodyTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.005 s - in org.apache.tiles.autotag.runtime.AbstractModelBodyTest
[INFO] Running org.apache.tiles.autotag.runtime.util.NullWriterTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.autotag.runtime.util.NullWriterTest
[INFO] Running org.apache.tiles.autotag.jsp.JspTemplateGeneratorFactoryTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.045 s - in org.apache.tiles.autotag.jsp.JspTemplateGeneratorFactoryTest
[INFO] Running org.apache.tiles.autotag.jsp.TLDGeneratorTest
SLF4J: No SLF4J providers were found.
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See https://www.slf4j.org/codes.html#noProviders for further details.
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.433 s - in org.apache.tiles.autotag.jsp.TLDGeneratorTest
[INFO] Running org.apache.tiles.autotag.jsp.TagClassGeneratorTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.093 s - in org.apache.tiles.autotag.jsp.TagClassGeneratorTest
[INFO] Running org.apache.tiles.autotag.freemarker.FMTemplateGeneratorFactoryTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.autotag.freemarker.FMTemplateGeneratorFactoryTest
[INFO] Running org.apache.tiles.autotag.freemarker.FMModelGeneratorTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.041 s - in org.apache.tiles.autotag.freemarker.FMModelGeneratorTest
[INFO] Running org.apache.tiles.autotag.freemarker.FMModelRepositoryGeneratorTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.024 s - in org.apache.tiles.autotag.freemarker.FMModelRepositoryGeneratorTest
[INFO] Running org.apache.tiles.autotag.velocity.VelocityPropertiesGeneratorTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.023 s - in org.apache.tiles.autotag.velocity.VelocityPropertiesGeneratorTest
[INFO] Running org.apache.tiles.autotag.velocity.VelocityDirectiveGeneratorTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.034 s - in org.apache.tiles.autotag.velocity.VelocityDirectiveGeneratorTest
[INFO] Running org.apache.tiles.autotag.velocity.VelocityTemplateGeneratorFactoryTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.autotag.velocity.VelocityTemplateGeneratorFactoryTest
[INFO] Running org.apache.tiles.el.ScopeELResolverTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.003 s - in org.apache.tiles.el.ScopeELResolverTest
[INFO] Running org.apache.tiles.el.TilesContextBeanELResolverTest
[INFO] Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.el.TilesContextBeanELResolverTest
[INFO] Running org.apache.tiles.el.TilesContextELResolverTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.el.TilesContextELResolverTest
[INFO] Running org.apache.tiles.el.ELAttributeEvaluatorTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.057 s - in org.apache.tiles.el.ELAttributeEvaluatorTest
[INFO] Running org.apache.tiles.el.ELContextImplTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.009 s - in org.apache.tiles.el.ELContextImplTest
[INFO] Running org.apache.tiles.el.JspExpressionFactoryFactoryTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.007 s - in org.apache.tiles.el.JspExpressionFactoryFactoryTest
[INFO] Running org.apache.tiles.api.access.TilesAccessTest
[INFO] Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.access.TilesAccessTest
[INFO] Running org.apache.tiles.api.TilesContainerWrapperTest
[INFO] Tests run: 13, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.api.TilesContainerWrapperTest
[INFO] Running org.apache.tiles.api.ListAttributeTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.ListAttributeTest
[INFO] Running org.apache.tiles.api.NoSuchContainerExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.NoSuchContainerExceptionTest
[INFO] Running org.apache.tiles.api.ExpressionTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.api.ExpressionTest
[INFO] Running org.apache.tiles.api.preparer.PreparerExceptionTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.api.preparer.PreparerExceptionTest
[INFO] Running org.apache.tiles.api.AttributeTest
[INFO] Tests run: 14, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.AttributeTest
[INFO] Running org.apache.tiles.api.BasicAttributeContextTest
[INFO] Tests run: 20, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.BasicAttributeContextTest
[INFO] Running org.apache.tiles.api.TilesExceptionTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.api.TilesExceptionTest
[INFO] Running org.apache.struts2.tiles.StrutsTilesAnnotationProcessorTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.struts2.tiles.StrutsTilesAnnotationProcessorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 540, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-tiles-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 483 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 482 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-tiles-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-tiles-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-tiles-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-tiles-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-tiles-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-tiles-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (49 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2 Tiles Plugin:
commons-beanutils-1.9.4.jar (pkg:maven/commons-beanutils/commons-beanutils@1.9.4, cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.9.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester-2.1.jar (pkg:maven/commons-digester/commons-digester@2.1, cpe:2.3:a:apache:commons_net:2.1:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester3-3.2.jar (pkg:maven/org.apache.commons/commons-digester3@3.2, cpe:2.3:a:apache:commons_net:3.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
javax.el-3.0.1-b12.jar (pkg:maven/org.glassfish/javax.el@3.0.1-b12) : CVE-2021-28170
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [04:22 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 3.836 s]
[INFO] Struts 2 Core ...................................... SUCCESS [03:03 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 3.457 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 5.817 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 12.042 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 7.487 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 15.968 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 12.138 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 12.095 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 4.625 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 20.126 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.681 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 17.042 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 4.845 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 14.063 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 7.318 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 8.241 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 14.208 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 9.130 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 10.264 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 3.954 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SUCCESS [ 4.677 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 7.414 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 12.747 s]
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SUCCESS [ 8.477 s]
[INFO] Struts 2 Tiles Plugin .............................. FAILURE [ 17.422 s]
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 11:30 min
[INFO] Finished at: 2023-10-01T06:12:52Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-tiles-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] javax.el-3.0.1-b12.jar: CVE-2021-28170(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-tiles-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #192
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/192/display/redirect?page=changes>
Changes:
[Lukasz Lenart] Reverts version to 6.3.0-SNAPSHOT
[Lukasz Lenart] [maven-release-plugin] prepare release STRUTS_6_3_0
[Lukasz Lenart] [maven-release-plugin] prepare for next development iteration
[Lukasz Lenart] Moves all CI notifications to commits@ list
[github] Update .asf.yaml
[github] Bump actions/checkout from 3 to 4
[github] Bump actions/upload-artifact from 3.1.2 to 3.1.3
[github] Bump actions/cache from 3.3.1 to 3.3.2
[Lukasz Lenart] [maven-release-plugin] prepare release STRUTS_6_3_0_1
[Lukasz Lenart] [maven-release-plugin] prepare for next development iteration
[Lukasz Lenart] Always delete uploaded file
[Lukasz Lenart] [maven-release-plugin] prepare release STRUTS_6_3_0_1
[Lukasz Lenart] [maven-release-plugin] prepare for next development iteration
------------------------------------------
[...truncated 824.83 KB...]
[INFO] Tests run: 9, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.ImportAttributeModelTest
[INFO] Running org.apache.tiles.template.AddAttributeModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.AddAttributeModelTest
[INFO] Running org.apache.tiles.template.InsertAttributeModelTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.InsertAttributeModelTest
[INFO] Running org.apache.tiles.template.DefinitionModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.DefinitionModelTest
[INFO] Running org.apache.tiles.template.InsertDefinitionModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.InsertDefinitionModelTest
[INFO] Running org.apache.tiles.template.GetAsStringModelTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.GetAsStringModelTest
[INFO] Running org.apache.tiles.template.ComposeStackUtilTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.ComposeStackUtilTest
[INFO] Running org.apache.tiles.request.reflect.CannotInstantiateObjectExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.reflect.CannotInstantiateObjectExceptionTest
[INFO] Running org.apache.tiles.request.reflect.ClassUtilTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.reflect.ClassUtilTest
[INFO] Running org.apache.tiles.request.AbstractViewRequestTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.028 s - in org.apache.tiles.request.AbstractViewRequestTest
[INFO] Running org.apache.tiles.request.RequestExceptionTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.RequestExceptionTest
[INFO] Running org.apache.tiles.request.render.ChainedDelegateRendererTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.ChainedDelegateRendererTest
[INFO] Running org.apache.tiles.request.render.StringRendererTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.StringRendererTest
[INFO] Running org.apache.tiles.request.render.NoSuchRendererExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.NoSuchRendererExceptionTest
[INFO] Running org.apache.tiles.request.render.BasicRendererFactoryTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.BasicRendererFactoryTest
[INFO] Running org.apache.tiles.request.render.DispatchRendererTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.DispatchRendererTest
[INFO] Running org.apache.tiles.request.collection.MapEntryTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.MapEntryTest
[INFO] Running org.apache.tiles.request.collection.HeaderValuesCollectionTest
[INFO] Tests run: 16, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.002 s - in org.apache.tiles.request.collection.HeaderValuesCollectionTest
[INFO] Running org.apache.tiles.request.collection.RemovableKeySetTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.RemovableKeySetTest
[INFO] Running org.apache.tiles.request.collection.ReadOnlyEnumerationMapValuesCollectionTest
[INFO] Tests run: 16, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.003 s - in org.apache.tiles.request.collection.ReadOnlyEnumerationMapValuesCollectionTest
[INFO] Running org.apache.tiles.request.collection.ScopeMapEntrySetTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.003 s - in org.apache.tiles.request.collection.ScopeMapEntrySetTest
[INFO] Running org.apache.tiles.request.collection.ReadOnlyEnumerationMapTest
[INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.01 s - in org.apache.tiles.request.collection.ReadOnlyEnumerationMapTest
[INFO] Running org.apache.tiles.request.collection.MapEntryArrayValuesTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.MapEntryArrayValuesTest
[INFO] Running org.apache.tiles.request.collection.HeaderValuesMapEntrySetTest
[INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.HeaderValuesMapEntrySetTest
[INFO] Running org.apache.tiles.request.collection.AddableParameterMapTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.AddableParameterMapTest
[INFO] Running org.apache.tiles.request.collection.ScopeMapTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.ScopeMapTest
[INFO] Running org.apache.tiles.request.collection.HeaderValuesMapTest
[INFO] Tests run: 14, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.HeaderValuesMapTest
[INFO] Running org.apache.tiles.request.collection.CollectionUtilTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.CollectionUtilTest
[INFO] Running org.apache.tiles.request.collection.KeySetTest
[INFO] Tests run: 17, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.KeySetTest
[INFO] Running org.apache.tiles.request.collection.ReadOnlyEnumerationMapEntrySetTest
[INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.003 s - in org.apache.tiles.request.collection.ReadOnlyEnumerationMapEntrySetTest
[INFO] Running org.apache.tiles.request.AbstractClientRequestTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.018 s - in org.apache.tiles.request.AbstractClientRequestTest
[INFO] Running org.apache.tiles.request.AbstractRequestTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.009 s - in org.apache.tiles.request.AbstractRequestTest
[INFO] Running org.apache.tiles.request.ApplicationAccessTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.ApplicationAccessTest
[INFO] Running org.apache.tiles.request.locale.LocaleUtilTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.locale.LocaleUtilTest
[INFO] Running org.apache.tiles.request.locale.URLApplicationResourceTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.locale.URLApplicationResourceTest
[INFO] Running org.apache.tiles.request.locale.PostfixedApplicationResourceTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.locale.PostfixedApplicationResourceTest
[INFO] Running org.apache.tiles.request.DispatchRequestWrapperTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.DispatchRequestWrapperTest
[INFO] Running org.apache.tiles.request.NotAvailableFeatureExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.NotAvailableFeatureExceptionTest
[INFO] Running org.apache.tiles.web.jsp.taglib.UseAttributeTagTest
[INFO] Tests run: 9, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.03 s - in org.apache.tiles.web.jsp.taglib.UseAttributeTagTest
[INFO] Running org.apache.tiles.web.startup.AbstractTilesListenerTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.01 s - in org.apache.tiles.web.startup.AbstractTilesListenerTest
[INFO] Running org.apache.tiles.api.TilesContainerWrapperTest
[INFO] Tests run: 13, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.api.TilesContainerWrapperTest
[INFO] Running org.apache.tiles.api.AttributeTest
[INFO] Tests run: 14, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.AttributeTest
[INFO] Running org.apache.tiles.api.TilesExceptionTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.TilesExceptionTest
[INFO] Running org.apache.tiles.api.BasicAttributeContextTest
[INFO] Tests run: 20, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.BasicAttributeContextTest
[INFO] Running org.apache.tiles.api.preparer.PreparerExceptionTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.api.preparer.PreparerExceptionTest
[INFO] Running org.apache.tiles.api.access.TilesAccessTest
[INFO] Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.access.TilesAccessTest
[INFO] Running org.apache.tiles.api.NoSuchContainerExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.NoSuchContainerExceptionTest
[INFO] Running org.apache.tiles.api.ListAttributeTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.ListAttributeTest
[INFO] Running org.apache.tiles.api.ExpressionTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.ExpressionTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 540, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-tiles-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 483 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 482 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-tiles-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-tiles-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-tiles-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-tiles-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-tiles-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-tiles-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (37 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2 Tiles Plugin:
commons-beanutils-1.9.4.jar (pkg:maven/commons-beanutils/commons-beanutils@1.9.4, cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.9.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester-2.1.jar (pkg:maven/commons-digester/commons-digester@2.1, cpe:2.3:a:apache:commons_net:2.1:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester3-3.2.jar (pkg:maven/org.apache.commons/commons-digester3@3.2, cpe:2.3:a:apache:commons_net:3.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
javax.el-3.0.1-b12.jar (pkg:maven/org.glassfish/javax.el@3.0.1-b12) : CVE-2021-28170
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [04:07 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.593 s]
[INFO] Struts 2 Core ...................................... SUCCESS [01:56 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.315 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 4.134 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 7.225 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 4.956 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 9.460 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 7.711 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 8.886 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.371 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 12.245 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.204 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 10.696 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.137 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 9.508 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 4.121 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.127 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 9.085 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 6.092 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 6.904 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 2.284 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SUCCESS [ 2.892 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 4.818 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 8.663 s]
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SUCCESS [ 5.710 s]
[INFO] Struts 2 Tiles Plugin .............................. FAILURE [ 11.532 s]
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 08:42 min
[INFO] Finished at: 2023-09-22T06:09:59Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-tiles-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] javax.el-3.0.1-b12.jar: CVE-2021-28170(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-tiles-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #191
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/191/display/redirect?page=changes>
Changes:
[git] WW-5336 Tidy up FreemarkerManager
[git] WW-5336 Deprecate OgnlTool
[git] WW-5336 Clean up StrutsUtil
[git] WW-5336 Deprecate OGNL in template context
[git] WW-5336 Reduce cognitive complexity #makeSelectList
[git] WW-5336 Switch to HashMap as concurrency handling not required
[git] WW-5336 Update JavaDoc VelocityManager
[Lukasz Lenart] Drops duplicated dependency
[git] WW-5336 Fix visibility warnings
[git] WW-5336 Correct assertions and add test case
[git] WW-5336 Move XML comment to be clearer
[Lukasz Lenart] [maven-release-plugin] prepare release STRUTS_6_3_0
[Lukasz Lenart] [maven-release-plugin] prepare for next development iteration
[git] WW-5334 Fix empty chained context name
------------------------------------------
[...truncated 837.21 KB...]
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.SetCurrentContainerModelTest
[INFO] Running org.apache.tiles.template.ImportAttributeModelTest
[INFO] Tests run: 9, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.ImportAttributeModelTest
[INFO] Running org.apache.tiles.template.InsertAttributeModelTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.InsertAttributeModelTest
[INFO] Running org.apache.tiles.template.PutListAttributeModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.PutListAttributeModelTest
[INFO] Running org.apache.tiles.template.GetAsStringModelTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.GetAsStringModelTest
[INFO] Running org.apache.tiles.template.PutAttributeModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.PutAttributeModelTest
[INFO] Running org.apache.tiles.template.InsertDefinitionModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.InsertDefinitionModelTest
[INFO] Running org.apache.tiles.template.ComposeStackUtilTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.ComposeStackUtilTest
[INFO] Running org.apache.tiles.template.AddListAttributeModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.AddListAttributeModelTest
[INFO] Running org.apache.tiles.template.InsertTemplateModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.InsertTemplateModelTest
[INFO] Running org.apache.tiles.template.DefinitionModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.DefinitionModelTest
[INFO] Running org.apache.tiles.core.definition.DefinitionsFactoryExceptionTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.DefinitionsFactoryExceptionTest
[INFO] Running org.apache.tiles.core.definition.pattern.PrefixedPatternDefinitionResolverTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.pattern.PrefixedPatternDefinitionResolverTest
[INFO] Running org.apache.tiles.core.definition.pattern.PatternUtilTest
[INFO] Tests run: 11, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.pattern.PatternUtilTest
[INFO] Running org.apache.tiles.core.definition.pattern.AbstractPatternDefinitionResolverTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.pattern.AbstractPatternDefinitionResolverTest
[INFO] Running org.apache.tiles.core.definition.pattern.wildcard.WildcardDefinitionPatternMatcherFactoryTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.pattern.wildcard.WildcardDefinitionPatternMatcherFactoryTest
[INFO] Running org.apache.tiles.core.definition.pattern.wildcard.WildcardDefinitionPatternMatcherTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.pattern.wildcard.WildcardDefinitionPatternMatcherTest
[INFO] Running org.apache.tiles.core.definition.pattern.regexp.RegexpDefinitionPatternMatcherFactoryTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.pattern.regexp.RegexpDefinitionPatternMatcherFactoryTest
[INFO] Running org.apache.tiles.core.definition.pattern.regexp.RegexpDefinitionPatternMatcherTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.pattern.regexp.RegexpDefinitionPatternMatcherTest
[INFO] Running org.apache.tiles.core.definition.pattern.BasicPatternDefinitionResolverTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.pattern.BasicPatternDefinitionResolverTest
[INFO] Running org.apache.tiles.core.definition.dao.BaseLocaleUrlDefinitionDAOTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.125 s - in org.apache.tiles.core.definition.dao.BaseLocaleUrlDefinitionDAOTest
[INFO] Running org.apache.tiles.core.definition.dao.CachingLocaleUrlDefinitionDAOTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.149 s - in org.apache.tiles.core.definition.dao.CachingLocaleUrlDefinitionDAOTest
[INFO] Running org.apache.tiles.core.definition.dao.ResolvingLocaleUrlDefinitionDAOTest
[INFO] Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.096 s - in org.apache.tiles.core.definition.dao.ResolvingLocaleUrlDefinitionDAOTest
[INFO] Running org.apache.tiles.core.definition.UnresolvingLocaleDefinitionsFactoryTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.UnresolvingLocaleDefinitionsFactoryTest
[INFO] Running org.apache.tiles.core.definition.digester.DigesterDefinitionsReaderExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.digester.DigesterDefinitionsReaderExceptionTest
[INFO] Running org.apache.tiles.core.definition.NoSuchDefinitionExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.NoSuchDefinitionExceptionTest
[INFO] Running org.apache.tiles.core.util.CombinedBeanInfoTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.util.CombinedBeanInfoTest
[INFO] Running org.apache.tiles.core.evaluator.EvaluatorExceptionTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.evaluator.EvaluatorExceptionTest
[INFO] Running org.apache.tiles.core.evaluator.BasicAttributeEvaluatorFactoryTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.evaluator.BasicAttributeEvaluatorFactoryTest
[INFO] Running org.apache.tiles.core.evaluator.impl.DirectAttributeEvaluatorTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.evaluator.impl.DirectAttributeEvaluatorTest
[INFO] Running org.apache.tiles.core.renderer.DefinitionRendererTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.renderer.DefinitionRendererTest
[INFO] Running org.apache.tiles.core.factory.NoSuchPreparerExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.factory.NoSuchPreparerExceptionTest
[INFO] Running org.apache.tiles.core.factory.BasicTilesContainerFactoryTest
[INFO] Tests run: 12, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.factory.BasicTilesContainerFactoryTest
[INFO] Running org.apache.tiles.core.factory.BasicPreparerFactoryTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.factory.BasicPreparerFactoryTest
[INFO] Running org.apache.tiles.core.factory.TilesContainerFactoryExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.factory.TilesContainerFactoryExceptionTest
[INFO] Running org.apache.tiles.core.startup.AbstractTilesInitializerTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.startup.AbstractTilesInitializerTest
[INFO] Running org.apache.tiles.core.impl.DefaultLocaleResolverTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.impl.DefaultLocaleResolverTest
[INFO] Running org.apache.tiles.core.impl.BasicTilesContainerTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.impl.BasicTilesContainerTest
[INFO] Running org.apache.tiles.core.impl.mgmt.CachingTilesContainerTest
[INFO] Tests run: 11, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.impl.mgmt.CachingTilesContainerTest
[INFO] Running org.apache.tiles.core.impl.CannotRenderExceptionTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.impl.CannotRenderExceptionTest
[INFO] Running org.apache.tiles.core.impl.BasicTilesContainerUnitTest
[INFO] Tests run: 30, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.003 s - in org.apache.tiles.core.impl.BasicTilesContainerUnitTest
[INFO] Running org.apache.tiles.core.impl.InvalidTemplateExceptionTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.impl.InvalidTemplateExceptionTest
[INFO] Running org.apache.tiles.ognl.DelegatePropertyAccessorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.009 s - in org.apache.tiles.ognl.DelegatePropertyAccessorTest
[INFO] Running org.apache.tiles.ognl.TilesContextPropertyAccessorDelegateFactoryTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.ognl.TilesContextPropertyAccessorDelegateFactoryTest
[INFO] Running org.apache.tiles.ognl.ScopePropertyAccessorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.ognl.ScopePropertyAccessorTest
[INFO] Running org.apache.tiles.ognl.AnyScopePropertyAccessorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.ognl.AnyScopePropertyAccessorTest
[INFO] Running org.apache.tiles.ognl.OGNLAttributeEvaluatorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.046 s - in org.apache.tiles.ognl.OGNLAttributeEvaluatorTest
[INFO] Running org.apache.tiles.ognl.NestedObjectDelegatePropertyAccessorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.ognl.NestedObjectDelegatePropertyAccessorTest
[INFO] Running org.apache.tiles.ognl.TilesApplicationContextNestedObjectExtractorTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.ognl.TilesApplicationContextNestedObjectExtractorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 540, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-tiles-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 483 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 482 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-tiles-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-tiles-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-tiles-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-tiles-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-tiles-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-tiles-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (40 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2 Tiles Plugin:
commons-beanutils-1.9.4.jar (pkg:maven/commons-beanutils/commons-beanutils@1.9.4, cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.9.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester-2.1.jar (pkg:maven/commons-digester/commons-digester@2.1, cpe:2.3:a:apache:commons_net:2.1:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester3-3.2.jar (pkg:maven/org.apache.commons/commons-digester3@3.2, cpe:2.3:a:apache:commons_net:3.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
javax.el-3.0.1-b12.jar (pkg:maven/org.glassfish/javax.el@3.0.1-b12) : CVE-2021-28170
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [ 52.141 s]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.438 s]
[INFO] Struts 2 Core ...................................... SUCCESS [01:54 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.264 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 3.701 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 6.658 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 4.296 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 9.236 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 7.353 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 7.537 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.163 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 11.920 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.165 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 9.771 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.117 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 7.010 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 3.837 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 4.701 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 8.429 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 5.518 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 6.647 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 2.115 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SUCCESS [ 2.893 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 4.396 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 7.814 s]
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SUCCESS [ 5.194 s]
[INFO] Struts 2 Tiles Plugin .............................. FAILURE [ 11.740 s]
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:13 min
[INFO] Finished at: 2023-09-01T06:06:33Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-tiles-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] javax.el-3.0.1-b12.jar: CVE-2021-28170(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-tiles-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #190
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/190/display/redirect?page=changes>
Changes:
[Lukasz Lenart] WW-5233 Introduces Tiles base code into the Tiles plugin
[Lukasz Lenart] WW-5233 Disables XML external entity parsing
[Lukasz Lenart] [maven-release-plugin] prepare release STRUTS_6_3_0_RC1
[Lukasz Lenart] [maven-release-plugin] prepare for next development iteration
[Lukasz Lenart] WW-5327 Stops using JavaBeans notation for setters
[Lukasz Lenart] Excludes BeanMap
[Lukasz Lenart] Ignores class existence
[Lukasz Lenart] Extends exclusion list
[Lukasz Lenart] WW-5327 Makes deprecated setters operational
[Lukasz Lenart] WW-5327 Makes deprecated setters operational
[Lukasz Lenart] WW-5329 Upgrades xstream to version 1.4.20
[github] Update StreamResult.java
[git] WW-5332 Add validation for package name parsing
[git] WW-5332 Add additional test cases
[Lukasz Lenart] WW-5331 Uses proper signature of get()
[Lukasz Lenart] Defines a proper CODEOWNERS file
[Lukasz Lenart] WW-5327 Removes duplicated exclusion
[Lukasz Lenart] Increases wait time to avoid failing test
[Lukasz Lenart] Uses Java 17 to perform Code Quality check
[Lukasz Lenart] WW-5327 Removes all duplicated excluded classes
[Lukasz Lenart] Uses verify phase instead of just test to run integration tests
[Lukasz Lenart] Reverts to test phase only when running on JDK 8 & 11 to avoid integration tests clash
[Lukasz Lenart] WW-5331 Covers new logic with tests
[Lukasz Lenart] WW-5331 Adds missing header with licence
[Lukasz Lenart] WW-5331 Adds tests covering ApplicationMap
[git] WW-5334 Correct struts2-xslt-plugin pom
[git] WW-5334 Plugins don't need to include core as compile scope
[git] WW-5334 Include Mockito as test dependency for all plugins
[git] WW-5334 Fix Portlet plugin dependency scopes
[git] WW-5334 Fix Junit module README
[git] WW-5334 Remove unnecessary Mockito exclusion
[git] WW-5334 Extract Portlet test case into own module
[git] WW-5334 Remove redundant declaration of javax.servlet-api
[git] WW-5334 Extract javax.servlet-api into parent POM
[git] WW-5334 Add struts2-junit-plugin as test scope to struts2-velocity-plugin
[git] WW-5334 Extract StrutsPortletTestCaseTest and fix tests
[git] WW-5334 Clean up bean-validation pom
[git] WW-5334 Lift log4j dependencies
[git] WW-5334 Remove redundant dependency from portlet pom
[git] WW-5334 Misc corrections
[git] WW-5334 Remove unnecessary Spring override
[git] WW-5334 Remove plugin dependency on commons-lang3 (provided by core)
[git] WW-5334 Remove other unneeded declarations
[git] WW-5334 Fix log4j binding
[git] WW-5334 Delete unneeded override (moved to StrutsPortletTestCaseTest)
[git] WW-5334 Remove unused imports ContextUtil
[git] WW-5334 Clean up VelocityStrutsUtil
[git] WW-5334 Clean up VelocityManager#applyDefaultConfiguration
[git] WW-5334 Clean up VelocityManager context creation
[git] WW-5334 Remove unused import XWorkTestCase
[git] WW-5334 Modernise VelocityResultTest
[git] WW-5334 Add basic unit tests for VelocityManager
[git] WW-5334 Fix license for VelocityManagerTest
[git] WW-5334 Add AssertJ as default plugin test dependency
[git] WW-5334 Add further unit tests to VelocityManagerTest
[git] WW-5334 Extract ConventionJUnit4Test into correct module
[Lukasz Lenart] WW-5331 Adds missing @Override annotations
[git] WW-5337 Catch PatternSyntaxException and ensure ConfigurationException thrown
[git] WW-5337 Minor clean up OgnlUtil
[git] WW-5337 Strip trailing periods from package names provided as not needed
[git] WW-5337 Make #isExcludedPackageNamePatterns more succinct
[git] WW-5337 Make #isClassExcluded (semantics changes) and #isExcludedPackageExempt constant time
[git] WW-5337 Make #isExcludedPackageNames runtime proportional to no. of package parts rather than no. of excluded packages
[git] WW-5337 Update struts-excluded-classes.xml to not have trailing periods
[git] WW-5337 Revert Object special handling
[git] WW-5337 Drop superinterface/superclass banning test
[git] WW-5337 Fix #testPackageNameExclusionAsCommaDelimited
[git] WW-5337 Initialise default exclusions one-time in SecurityMemberAccess (more performant)
------------------------------------------
[...truncated 805.19 KB...]
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.autotag.freemarker.FMTemplateGeneratorFactoryTest
[INFO] Running org.apache.tiles.autotag.model.TemplateParameterTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.autotag.model.TemplateParameterTest
[INFO] Running org.apache.tiles.autotag.model.TemplateClassTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.004 s - in org.apache.tiles.autotag.model.TemplateClassTest
[INFO] Running org.apache.tiles.autotag.model.TemplateSuiteTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.003 s - in org.apache.tiles.autotag.model.TemplateSuiteTest
[INFO] Running org.apache.tiles.autotag.model.TemplateMethodTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.autotag.model.TemplateMethodTest
[INFO] Running org.apache.tiles.ognl.NestedObjectDelegatePropertyAccessorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.021 s - in org.apache.tiles.ognl.NestedObjectDelegatePropertyAccessorTest
[INFO] Running org.apache.tiles.ognl.TilesContextPropertyAccessorDelegateFactoryTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.ognl.TilesContextPropertyAccessorDelegateFactoryTest
[INFO] Running org.apache.tiles.ognl.AnyScopePropertyAccessorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.ognl.AnyScopePropertyAccessorTest
[INFO] Running org.apache.tiles.ognl.OGNLAttributeEvaluatorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.057 s - in org.apache.tiles.ognl.OGNLAttributeEvaluatorTest
[INFO] Running org.apache.tiles.ognl.TilesApplicationContextNestedObjectExtractorTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.ognl.TilesApplicationContextNestedObjectExtractorTest
[INFO] Running org.apache.tiles.ognl.ScopePropertyAccessorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.ognl.ScopePropertyAccessorTest
[INFO] Running org.apache.tiles.ognl.DelegatePropertyAccessorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.ognl.DelegatePropertyAccessorTest
[INFO] Running org.apache.tiles.request.AbstractRequestTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.009 s - in org.apache.tiles.request.AbstractRequestTest
[INFO] Running org.apache.tiles.request.AbstractViewRequestTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.022 s - in org.apache.tiles.request.AbstractViewRequestTest
[INFO] Running org.apache.tiles.request.RequestExceptionTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.RequestExceptionTest
[INFO] Running org.apache.tiles.request.reflect.CannotInstantiateObjectExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.reflect.CannotInstantiateObjectExceptionTest
[INFO] Running org.apache.tiles.request.reflect.ClassUtilTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.reflect.ClassUtilTest
[INFO] Running org.apache.tiles.request.DispatchRequestWrapperTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.DispatchRequestWrapperTest
[INFO] Running org.apache.tiles.request.render.ChainedDelegateRendererTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.ChainedDelegateRendererTest
[INFO] Running org.apache.tiles.request.render.DispatchRendererTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.DispatchRendererTest
[INFO] Running org.apache.tiles.request.render.BasicRendererFactoryTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.BasicRendererFactoryTest
[INFO] Running org.apache.tiles.request.render.StringRendererTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.StringRendererTest
[INFO] Running org.apache.tiles.request.render.NoSuchRendererExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.NoSuchRendererExceptionTest
[INFO] Running org.apache.tiles.request.AbstractClientRequestTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.005 s - in org.apache.tiles.request.AbstractClientRequestTest
[INFO] Running org.apache.tiles.request.NotAvailableFeatureExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.NotAvailableFeatureExceptionTest
[INFO] Running org.apache.tiles.request.collection.AddableParameterMapTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.AddableParameterMapTest
[INFO] Running org.apache.tiles.request.collection.HeaderValuesMapTest
[INFO] Tests run: 14, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.003 s - in org.apache.tiles.request.collection.HeaderValuesMapTest
[INFO] Running org.apache.tiles.request.collection.ScopeMapTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.ScopeMapTest
[INFO] Running org.apache.tiles.request.collection.MapEntryArrayValuesTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.MapEntryArrayValuesTest
[INFO] Running org.apache.tiles.request.collection.MapEntryTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.MapEntryTest
[INFO] Running org.apache.tiles.request.collection.ReadOnlyEnumerationMapTest
[INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.008 s - in org.apache.tiles.request.collection.ReadOnlyEnumerationMapTest
[INFO] Running org.apache.tiles.request.collection.ScopeMapEntrySetTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.ScopeMapEntrySetTest
[INFO] Running org.apache.tiles.request.collection.CollectionUtilTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.CollectionUtilTest
[INFO] Running org.apache.tiles.request.collection.ReadOnlyEnumerationMapEntrySetTest
[INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.ReadOnlyEnumerationMapEntrySetTest
[INFO] Running org.apache.tiles.request.collection.KeySetTest
[INFO] Tests run: 17, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.004 s - in org.apache.tiles.request.collection.KeySetTest
[INFO] Running org.apache.tiles.request.collection.ReadOnlyEnumerationMapValuesCollectionTest
[INFO] Tests run: 16, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.005 s - in org.apache.tiles.request.collection.ReadOnlyEnumerationMapValuesCollectionTest
[INFO] Running org.apache.tiles.request.collection.HeaderValuesMapEntrySetTest
[INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.004 s - in org.apache.tiles.request.collection.HeaderValuesMapEntrySetTest
[INFO] Running org.apache.tiles.request.collection.RemovableKeySetTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.RemovableKeySetTest
[INFO] Running org.apache.tiles.request.collection.HeaderValuesCollectionTest
[INFO] Tests run: 16, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.002 s - in org.apache.tiles.request.collection.HeaderValuesCollectionTest
[INFO] Running org.apache.tiles.request.ApplicationAccessTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.ApplicationAccessTest
[INFO] Running org.apache.tiles.request.locale.LocaleUtilTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.locale.LocaleUtilTest
[INFO] Running org.apache.tiles.request.locale.PostfixedApplicationResourceTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.locale.PostfixedApplicationResourceTest
[INFO] Running org.apache.tiles.request.locale.URLApplicationResourceTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.locale.URLApplicationResourceTest
[INFO] Running org.apache.tiles.el.JspExpressionFactoryFactoryTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.007 s - in org.apache.tiles.el.JspExpressionFactoryFactoryTest
[INFO] Running org.apache.tiles.el.ScopeELResolverTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.008 s - in org.apache.tiles.el.ScopeELResolverTest
[INFO] Running org.apache.tiles.el.TilesContextELResolverTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.003 s - in org.apache.tiles.el.TilesContextELResolverTest
[INFO] Running org.apache.tiles.el.ELAttributeEvaluatorTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.039 s - in org.apache.tiles.el.ELAttributeEvaluatorTest
[INFO] Running org.apache.tiles.el.TilesContextBeanELResolverTest
[INFO] Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.el.TilesContextBeanELResolverTest
[INFO] Running org.apache.tiles.el.ELContextImplTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.009 s - in org.apache.tiles.el.ELContextImplTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 540, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-tiles-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 483 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 482 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.3.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-tiles-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-tiles-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-tiles-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-tiles-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.3.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-tiles-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-tiles-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (6 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2 Tiles Plugin:
commons-beanutils-1.9.4.jar (pkg:maven/commons-beanutils/commons-beanutils@1.9.4, cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.9.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester-2.1.jar (pkg:maven/commons-digester/commons-digester@2.1, cpe:2.3:a:apache:commons_net:2.1:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester3-3.2.jar (pkg:maven/org.apache.commons/commons-digester3@3.2, cpe:2.3:a:apache:commons_net:3.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
javax.el-3.0.1-b12.jar (pkg:maven/org.glassfish/javax.el@3.0.1-b12) : CVE-2021-28170
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.3.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [ 10.418 s]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.291 s]
[INFO] Struts 2 Core ...................................... SUCCESS [01:48 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.170 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 3.372 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 6.099 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 4.076 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 9.331 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 7.532 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 7.061 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.478 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 12.092 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 2.684 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 8.776 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 2.747 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 6.952 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 3.475 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 4.666 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 8.340 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 4.884 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 6.357 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 1.924 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SUCCESS [ 2.611 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 4.103 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 8.005 s]
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SUCCESS [ 4.986 s]
[INFO] Struts 2 Tiles Plugin .............................. FAILURE [ 11.181 s]
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 04:20 min
[INFO] Finished at: 2023-08-22T06:05:45Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-tiles-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] javax.el-3.0.1-b12.jar: CVE-2021-28170(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-tiles-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #189
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/189/display/redirect?page=changes>
Changes:
[github] Bump net.sf.jasperreports:jasperreports from 6.19.1 to 6.20.5
[github] Bump jackson.version from 2.14.1 to 2.15.2
[Lukasz Lenart] Unifies versions
[Lukasz Lenart] Reverts JAXB implementation to pre-Jakarta version
[Lukasz Lenart] WW-5325 Upgrades commons-lang3 to version 3.13.0
------------------------------------------
[...truncated 846.40 KB...]
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO]
[INFO] ---------------< org.apache.struts:struts2-oval-plugin >----------------
[INFO] Building DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 6.3.0-SNAPSHOT [23/38]
[INFO] from plugins/oval/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-oval-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 4 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java> uses or overrides a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: Recompile with -Xlint:deprecation for details.
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 17 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/test-classes>
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Aug 01, 2023 6:05:23 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@16d04d3d
Aug 01, 2023 6:05:23 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@f2ff811
Aug 01, 2023 6:05:23 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1e683a3e
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@71ba6d4e
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@723ca036
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@2235eaab
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@560348e6
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6aa61224
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6bb75258
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@72a85671
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@51e4ccb3
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@70fab835
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@71f67a79
Aug 01, 2023 6:05:25 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5a2f016d
Aug 01, 2023 6:05:25 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1e8823d2
Aug 01, 2023 6:05:25 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@41c89d2f
Aug 01, 2023 6:05:25 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@32fdec40
Aug 01, 2023 6:05:25 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@73d69c0f
Aug 01, 2023 6:05:25 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@48bfb884
Aug 01, 2023 6:05:25 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@368d5c00
Aug 01, 2023 6:05:25 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@660591fb
Aug 01, 2023 6:05:25 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@660591fb
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.387 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.3.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.3.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (6 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.13.0.jar (pkg:maven/commons-io/commons-io@2.13.0, cpe:2.3:a:apache:commons_io:2.13.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.13.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.3.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 1.437 s]
[INFO] Struts 2 ........................................... SUCCESS [ 11.103 s]
[INFO] Struts 2 Core ...................................... SUCCESS [01:56 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 3.131 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 3.979 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 6.662 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 4.744 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 5.122 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.263 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 11.494 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.197 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 9.870 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 2.995 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 8.273 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 4.635 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 7.511 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 7.600 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 7.156 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 3.650 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.162 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 8.816 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 5.390 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 6.229 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 04:09 min
[INFO] Finished at: 2023-08-01T06:05:28Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #188
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/188/display/redirect?page=changes>
Changes:
[Lukasz Lenart] WW-5315 Upgrades ASM to version 9.5
[Lukasz Lenart] WW-5316 Upgrades commons-io to version 2.13.0
[Lukasz Lenart] WW-5317 Upgrades log4j to version 2.20.0
[Sebastian.Peters] Update maven-dependency-plugin to 3.6.0
[Sebastian.Peters] Migrate legacy dependency-maven-plugin from codehaus
[Herve Boutemy] WW-5320 upgrade Felix Maven Bundle Plugin
[Lukasz Lenart] WW-5318 Upgrades slf4j to version 2.0.7
[Lukasz Lenart] Adds missing Dependabot config
[github] Bump osgi.core from 7.0.0 to 8.0.0
[github] Bump actions/upload-artifact from 3.1.0 to 3.1.2
[github] Bump stax2-api from 4.2 to 4.2.1
[github] Bump ossf/scorecard-action from 2.0.6 to 2.2.0
[github] Bump actions/cache from 3.0.8 to 3.3.1
[github] Bump assertj-core from 3.15.0 to 3.24.2
[github] Bump jaxb-impl from 2.3.2 to 4.0.3
------------------------------------------
[...truncated 808.88 KB...]
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester-2.1.jar (pkg:maven/commons-digester/commons-digester@2.1, cpe:2.3:a:apache:commons_net:2.1:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester3-3.2.jar (pkg:maven/org.apache.commons/commons-digester3@3.2, cpe:2.3:a:apache:commons_net:3.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.13.0.jar (pkg:maven/commons-io/commons-io@2.13.0, cpe:2.3:a:apache:commons_io:2.13.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.13.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO]
[INFO] ---------------< org.apache.struts:struts2-oval-plugin >----------------
[INFO] Building DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 6.3.0-SNAPSHOT [23/38]
[INFO] from plugins/oval/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-oval-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Jul 22, 2023 6:08:36 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@16d04d3d
Jul 22, 2023 6:08:36 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@f2ff811
Jul 22, 2023 6:08:36 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1e683a3e
Jul 22, 2023 6:08:37 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@71ba6d4e
Jul 22, 2023 6:08:37 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@723ca036
Jul 22, 2023 6:08:37 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@2235eaab
Jul 22, 2023 6:08:37 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@560348e6
Jul 22, 2023 6:08:37 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6aa61224
Jul 22, 2023 6:08:37 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6bb75258
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@72a85671
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@51e4ccb3
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@70fab835
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@71f67a79
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5a2f016d
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1e8823d2
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@41c89d2f
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@32fdec40
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@73d69c0f
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@48bfb884
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@76911385
Jul 22, 2023 6:08:39 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@7ca0863b
Jul 22, 2023 6:08:39 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@7ca0863b
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 3.63 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.3.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.3.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (66 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (3 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.13.0.jar (pkg:maven/commons-io/commons-io@2.13.0, cpe:2.3:a:apache:commons_io:2.13.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.13.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.3.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 3.064 s]
[INFO] Struts 2 ........................................... SUCCESS [01:08 min]
[INFO] Struts 2 Core ...................................... SUCCESS [03:10 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 4.994 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 5.769 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 10.293 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 8.322 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 8.656 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 5.279 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 17.079 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.666 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 12.910 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 4.988 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 13.275 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 7.252 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 11.629 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 11.622 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 13.476 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 5.985 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 7.831 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 12.882 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 8.415 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 10.193 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 07:29 min
[INFO] Finished at: 2023-07-22T06:08:44Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #187
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/187/display/redirect?page=changes>
Changes:
[Lukasz Lenart] WW-5310 Supports fragment in URL
[git] WW-5314 Do not log warnings for bad user input from JakartaMultiPartRequest
[git] WW-5314 Update log level in JakartaStreamMultiPartRequest
[Lukasz Lenart] WW-5310 Deprecates the old API in favour of new one
[Lukasz Lenart] [maven-release-plugin] prepare release STRUTS_6_2_0
[Lukasz Lenart] [maven-release-plugin] prepare for next development iteration
[Lukasz Lenart] Enables Dependabot updates
------------------------------------------
[...truncated 837.25 KB...]
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 4 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java> uses or overrides a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: Recompile with -Xlint:deprecation for details.
[INFO]
[INFO] --- bundle:5.1.6:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 17 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/test-classes>
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Jul 01, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3a93b025
Jul 01, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@37f1104d
Jul 01, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@24fcf36f
Jul 01, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@20140db9
Jul 01, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@433defed
Jul 01, 2023 6:11:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@448c8166
Jul 01, 2023 6:11:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5f20155b
Jul 01, 2023 6:11:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@45a4b042
Jul 01, 2023 6:11:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@485a3466
Jul 01, 2023 6:11:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5be067de
Jul 01, 2023 6:11:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1255b1d1
Jul 01, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@47428937
Jul 01, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@aa22f1c
Jul 01, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6831d8fd
Jul 01, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@30457e14
Jul 01, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@150d80c4
Jul 01, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31611954
Jul 01, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@400d912a
Jul 01, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@511d5d04
Jul 01, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4bdc8b5d
Jul 01, 2023 6:11:45 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
Jul 01, 2023 6:11:45 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 3.776 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.3.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.3.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (44 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.3.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.114 s]
[INFO] Struts 2 ........................................... SUCCESS [04:24 min]
[INFO] Struts 2 Core ...................................... SUCCESS [03:14 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 4.870 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 6.069 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 11.277 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 8.330 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 8.576 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 6.113 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 18.208 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.961 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 15.062 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 5.041 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 13.823 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 7.430 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 12.296 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 11.933 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 13.445 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 6.580 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 8.095 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 15.091 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 8.887 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 9.798 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 10:58 min
[INFO] Finished at: 2023-07-01T06:11:49Z
[INFO] ------------------------------------------------------------------------
[WARNING]
[WARNING] Plugin validation issues were detected in 14 plugin(s)
[WARNING]
[WARNING] * org.apache.maven.plugins:maven-jar-plugin:3.2.0
[WARNING] * org.apache.maven.plugins:maven-compiler-plugin:3.8.1
[WARNING] * org.apache.maven.plugins:maven-enforcer-plugin:3.1.0
[WARNING] * org.apache.felix:maven-bundle-plugin:5.1.6
[WARNING] * com.cj.jshintmojo:jshint-maven-plugin:1.6.0
[WARNING] * org.apache.maven.plugins:maven-source-plugin:3.2.1
[WARNING] * org.apache.maven.plugins:maven-resources-plugin:3.1.0
[WARNING] * org.apache.maven.plugins:maven-site-plugin:3.9.0
[WARNING] * org.apache.maven.plugins:maven-site-plugin:3.7.1
[WARNING] * org.apache.maven.plugins:maven-remote-resources-plugin:1.6.0
[WARNING] * org.apache.maven.plugins:maven-enforcer-plugin:1.4.1
[WARNING] * org.owasp:dependency-check-maven:7.2.0
[WARNING] * org.apache.rat:apache-rat-plugin:0.15
[WARNING] * org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M7
[WARNING]
[WARNING] For more or less details, use 'maven.plugin.validation' property with one of the values (case insensitive): [BRIEF, DEFAULT, VERBOSE]
[WARNING]
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #186
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/186/display/redirect?page=changes>
Changes:
[Lukasz Lenart] WW-5261 Avoids creating ValueStack if no ActionContext is available
[Yasser Zamani] add some improvements
------------------------------------------
[...truncated 865.21 KB...]
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 4 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java> uses or overrides a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: Recompile with -Xlint:deprecation for details.
[INFO]
[INFO] --- bundle:5.1.6:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 17 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/test-classes>
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Jun 22, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3a93b025
Jun 22, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@37f1104d
Jun 22, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@24fcf36f
Jun 22, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@20140db9
Jun 22, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@433defed
Jun 22, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@448c8166
Jun 22, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5f20155b
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@45a4b042
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@485a3466
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5be067de
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1255b1d1
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@47428937
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@aa22f1c
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6831d8fd
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@30457e14
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@150d80c4
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31611954
Jun 22, 2023 6:06:22 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@400d912a
Jun 22, 2023 6:06:22 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@511d5d04
Jun 22, 2023 6:06:22 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4bdc8b5d
Jun 22, 2023 6:06:22 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
Jun 22, 2023 6:06:22 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.379 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (32 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.2.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 1.474 s]
[INFO] Struts 2 ........................................... SUCCESS [ 49.728 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:02 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 3.563 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 4.027 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 7.542 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 5.553 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 6.908 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.492 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 11.672 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.382 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 10.299 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.500 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 9.172 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 5.384 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 7.893 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 8.509 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 9.730 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 4.017 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.355 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 9.063 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 6.111 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 6.958 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:07 min
[INFO] Finished at: 2023-06-22T06:06:25Z
[INFO] ------------------------------------------------------------------------
[WARNING]
[WARNING] Plugin validation issues were detected in 14 plugin(s)
[WARNING]
[WARNING] * org.apache.maven.plugins:maven-jar-plugin:3.2.0
[WARNING] * org.apache.maven.plugins:maven-compiler-plugin:3.8.1
[WARNING] * org.apache.maven.plugins:maven-enforcer-plugin:3.1.0
[WARNING] * org.apache.felix:maven-bundle-plugin:5.1.6
[WARNING] * com.cj.jshintmojo:jshint-maven-plugin:1.6.0
[WARNING] * org.apache.maven.plugins:maven-source-plugin:3.2.1
[WARNING] * org.apache.maven.plugins:maven-resources-plugin:3.1.0
[WARNING] * org.apache.maven.plugins:maven-site-plugin:3.9.0
[WARNING] * org.apache.maven.plugins:maven-site-plugin:3.7.1
[WARNING] * org.apache.maven.plugins:maven-remote-resources-plugin:1.6.0
[WARNING] * org.apache.maven.plugins:maven-enforcer-plugin:1.4.1
[WARNING] * org.owasp:dependency-check-maven:7.2.0
[WARNING] * org.apache.rat:apache-rat-plugin:0.15
[WARNING] * org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M7
[WARNING]
[WARNING] For more or less details, use 'maven.plugin.validation' property with one of the values (case insensitive): [BRIEF, DEFAULT, VERBOSE]
[WARNING]
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org