You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@struts.apache.org by Apache Jenkins Server <je...@builds.apache.org> on 2021/09/29 05:51:35 UTC
Build failed in Jenkins: Struts » Struts-examples-JDK8-dependency-check #53
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/53/display/redirect?page=changes>
Changes:
[github] Bump jackson.version from 2.12.4 to 2.12.5
[github] Bump dependency-check-maven from 6.2.2 to 6.3.1
[github] Bump quarkus-plugin.version from 2.1.3.Final to 2.2.1.Final
[github] Bump shiro.version from 1.7.1 to 1.8.0
[github] Bump maven-javadoc-plugin from 3.3.0 to 3.3.1
------------------------------------------
[...truncated 107.22 KB...]
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-resource/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Message resource:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
See the dependency-check report for more details.
[INFO]
[INFO] ------------------< org.apache.struts:message-store >-------------------
[INFO] Building Message Store 1.1.0 [25/43]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ message-store ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ message-store ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ message-store ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ message-store ---
[INFO] Packaging webapp
[INFO] Assembling webapp [message-store] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/target/message-store-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/src/main/webapp]>
[INFO] Webapp assembled in [32 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/target/message-store-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.3.1:check (default) @ message-store ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (79 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (3 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Message Store:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
See the dependency-check report for more details.
[INFO]
[INFO] ---------------------< org.apache.struts:portlet >----------------------
[INFO] Building Portlet Webapp 1.1.0 [26/43]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 18 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ portlet ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ portlet ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ portlet ---
[INFO] Surefire report directory: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/surefire-reports>
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Results :
Tests run: 0, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ portlet ---
[INFO] Packaging webapp
[INFO] Assembling webapp [portlet] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/portlet-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/src/main/webapp]>
[INFO] Webapp assembled in [232 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/portlet-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.3.1:check (default) @ portlet ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (55 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (9 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (4 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (2 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (16 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Portlet Webapp:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
spring-aop-4.3.26.RELEASE.jar (pkg:maven/org.springframework/spring-aop@4.3.26.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.3.26:release:*:*:*:*:*:*) : CVE-2020-5421
spring-core-4.3.26.RELEASE.jar (pkg:maven/org.springframework/spring-core@4.3.26.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:4.3.26:release:*:*:*:*:*:*) : CVE-2020-5421
velocity-1.7.jar (pkg:maven/org.apache.velocity/velocity@1.7, cpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*) : CVE-2020-13936
velocity-tools-2.0.jar (pkg:maven/org.apache.velocity/velocity-tools@2.0, cpe:2.3:a:apache:velocity_tools:2.0:*:*:*:*:*:*:*) : CVE-2020-13959
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ SUCCESS [01:06 min]
[INFO] Action chaining .................................... SUCCESS [ 9.299 s]
[INFO] Annotations with Convention Plugin ................. SUCCESS [ 7.302 s]
[INFO] Basic Struts2 Example .............................. SUCCESS [ 6.486 s]
[INFO] Bean Validation .................................... SUCCESS [ 10.535 s]
[INFO] Struts 2 Blank Webapp .............................. SUCCESS [ 10.140 s]
[INFO] Coding Struts 2 Action ............................. SUCCESS [ 6.498 s]
[INFO] Control Tags ....................................... SUCCESS [ 6.536 s]
[INFO] CRUD Example ....................................... SUCCESS [ 6.544 s]
[INFO] Debugging Struts ................................... SUCCESS [ 7.641 s]
[INFO] Exception handling ................................. SUCCESS [ 6.457 s]
[INFO] Exclude Parameters ................................. SUCCESS [ 6.458 s]
[INFO] File upload ........................................ SUCCESS [ 6.379 s]
[INFO] Form Processing .................................... SUCCESS [ 6.273 s]
[INFO] Form Tags .......................................... SUCCESS [ 6.505 s]
[INFO] Form validation .................................... SUCCESS [ 6.312 s]
[INFO] XML based form validation .......................... SUCCESS [ 6.762 s]
[INFO] Hello World Struts 2 Example Application ........... SUCCESS [ 6.722 s]
[INFO] Http Session ....................................... SUCCESS [ 6.443 s]
[INFO] Struts 2 Interceptors .............................. SUCCESS [ 6.461 s]
[INFO] JSON produce/consume ............................... SUCCESS [ 6.589 s]
[INFO] Customized JSON produce ............................ SUCCESS [ 6.683 s]
[INFO] Struts 2 Mail Reader Webapp ........................ SUCCESS [ 8.759 s]
[INFO] Message resource ................................... SUCCESS [ 6.696 s]
[INFO] Message Store ...................................... SUCCESS [ 6.948 s]
[INFO] Portlet Webapp ..................................... FAILURE [ 22.047 s]
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 04:24 min
[INFO] Finished at: 2021-09-29T05:51:35Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.3.1:check (default) on project portlet:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] velocity-1.7.jar: CVE-2020-13936
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :portlet
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-examples-dependency-check #71
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/71/display/redirect?page=changes>
Changes:
[github] Bump quarkus-plugin.version from 2.9.1.Final to 2.9.2.Final
------------------------------------------
Started by timer
Running as SYSTEM
[EnvInject] - Loading node environment variables.
Building remotely on builds35 (ubuntu) in workspace <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/>
The recommended git tool is: NONE
No credentials specified
Cloning the remote Git repository
Cloning repository https://gitbox.apache.org/repos/asf/struts-examples.git
> git init <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/> # timeout=10
Fetching upstream changes from https://gitbox.apache.org/repos/asf/struts-examples.git
> git --version # timeout=10
> git --version # 'git version 2.17.1'
> git fetch --tags --progress -- https://gitbox.apache.org/repos/asf/struts-examples.git +refs/heads/*:refs/remotes/origin/* # timeout=10
> git config remote.origin.url https://gitbox.apache.org/repos/asf/struts-examples.git # timeout=10
> git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10
Avoid second fetch
> git rev-parse refs/remotes/origin/master^{commit} # timeout=10
Checking out Revision aa7143b95ef4f7779e0bb843b0bf9cd78975e370 (refs/remotes/origin/master)
> git config core.sparsecheckout # timeout=10
> git checkout -f aa7143b95ef4f7779e0bb843b0bf9cd78975e370 # timeout=10
Commit message: "Merge pull request #142 from apache/dependabot/maven/quarkus-plugin.version-2.9.2.Final"
> git rev-list --no-walk 371e480c83b77e2f52bf3bcd34ffff58d3b56d24 # timeout=10
ERROR: No tool found matching MAVEN_3_LATEST__HOME
[Struts-examples-dependency-check] $ /bin/sh -xe /tmp/jenkins3226858046790044400.sh
+ export MAVEN_OPTS=-Xms2g -Xmx2g -XX:MaxPermSize=512m -XX:+CMSClassUnloadingEnabled
+ export PATH=:/home/jenkins/tools/java/latest11/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
+ ./mvnw verify -Pdependency-check
Java HotSpot(TM) 64-Bit Server VM warning: Ignoring option MaxPermSize; support was removed in 8.0
[INFO] Scanning for projects...
Downloading from apache-public: https://repository.apache.org/content/groups/public/io/quarkus/quarkus-universe-bom/2.9.2.Final/quarkus-universe-bom-2.9.2.Final.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/io/quarkus/quarkus-universe-bom/2.9.2.Final/quarkus-universe-bom-2.9.2.Final.pom
Downloading from apache-snapshots: https://repository.apache.org/content/groups/snapshots/io/quarkus/quarkus-universe-bom/2.9.2.Final/quarkus-universe-bom-2.9.2.Final.pom
Downloading from oss-snapshots: https://oss.sonatype.org/content/repositories/snapshots/io/quarkus/quarkus-universe-bom/2.9.2.Final/quarkus-universe-bom-2.9.2.Final.pom
Downloading from central: https://repo.maven.apache.org/maven2/io/quarkus/quarkus-universe-bom/2.9.2.Final/quarkus-universe-bom-2.9.2.Final.pom
Progress (1): 1.4/986 kBProgress (1): 2.7/986 kBProgress (1): 4.1/986 kBProgress (1): 5.5/986 kBProgress (1): 6.9/986 kBProgress (1): 8.2/986 kBProgress (1): 9.6/986 kBProgress (1): 11/986 kB Progress (1): 12/986 kBProgress (1): 14/986 kBProgress (1): 15/986 kBProgress (1): 16/986 kBProgress (1): 17/986 kBProgress (1): 19/986 kBProgress (1): 20/986 kBProgress (1): 21/986 kBProgress (1): 23/986 kBProgress (1): 24/986 kBProgress (1): 25/986 kBProgress (1): 27/986 kBProgress (1): 28/986 kBProgress (1): 30/986 kBProgress (1): 31/986 kBProgress (1): 32/986 kBProgress (1): 34/986 kBProgress (1): 35/986 kBProgress (1): 36/986 kBProgress (1): 38/986 kBProgress (1): 39/986 kBProgress (1): 40/986 kBProgress (1): 42/986 kBProgress (1): 43/986 kBProgress (1): 45/986 kBProgress (1): 46/986 kBProgress (1): 47/986 kBProgress (1): 49/986 kBProgress (1): 53/986 kBProgress (1): 57/986 kBProgress (1): 61/986 kBProgress (1): 65/986 kBProgress (1): 69/986 kBProgress (1): 73/986 kBProgress (1): 77/986 kBProgress (1): 81/986 kBProgress (1): 85/986 kBProgress (1): 90/986 kBProgress (1): 94/986 kBProgress (1): 98/986 kBProgress (1): 102/986 kBProgress (1): 106/986 kBProgress (1): 110/986 kBProgress (1): 114/986 kBProgress (1): 118/986 kBProgress (1): 122/986 kBProgress (1): 126/986 kBProgress (1): 131/986 kBProgress (1): 135/986 kBProgress (1): 139/986 kBProgress (1): 143/986 kBProgress (1): 147/986 kBProgress (1): 151/986 kBProgress (1): 155/986 kBProgress (1): 159/986 kBProgress (1): 163/986 kBProgress (1): 167/986 kBProgress (1): 172/986 kBProgress (1): 176/986 kBProgress (1): 180/986 kBProgress (1): 184/986 kBProgress (1): 188/986 kBProgress (1): 192/986 kBProgress (1): 196/986 kBProgress (1): 200/986 kBProgress (1): 204/986 kBProgress (1): 208/986 kBProgress (1): 212/986 kBProgress (1): 217/986 kBProgress (1): 221/986 kBProgress (1): 225/986 kBProgress (1): 229/986 kBProgress (1): 233/986 kBProgress (1): 237/986 kBProgress (1): 241/986 kBProgress (1): 245/986 kBProgress (1): 249/986 kBProgress (1): 253/986 kBProgress (1): 258/986 kBProgress (1): 262/986 kBProgress (1): 266/986 kBProgress (1): 270/986 kBProgress (1): 274/986 kBProgress (1): 278/986 kBProgress (1): 282/986 kBProgress (1): 286/986 kBProgress (1): 290/986 kBProgress (1): 294/986 kBProgress (1): 298/986 kBProgress (1): 303/986 kBProgress (1): 307/986 kBProgress (1): 311/986 kBProgress (1): 315/986 kBProgress (1): 319/986 kBProgress (1): 323/986 kBProgress (1): 327/986 kBProgress (1): 331/986 kBProgress (1): 335/986 kBProgress (1): 339/986 kBProgress (1): 344/986 kBProgress (1): 348/986 kBProgress (1): 352/986 kBProgress (1): 356/986 kBProgress (1): 360/986 kBProgress (1): 364/986 kBProgress (1): 368/986 kBProgress (1): 372/986 kBProgress (1): 376/986 kBProgress (1): 380/986 kBProgress (1): 384/986 kBProgress (1): 389/986 kBProgress (1): 393/986 kBProgress (1): 397/986 kBProgress (1): 401/986 kBProgress (1): 405/986 kBProgress (1): 409/986 kBProgress (1): 413/986 kBProgress (1): 417/986 kBProgress (1): 421/986 kBProgress (1): 425/986 kBProgress (1): 429/986 kBProgress (1): 434/986 kBProgress (1): 438/986 kBProgress (1): 442/986 kBProgress (1): 446/986 kBProgress (1): 450/986 kBProgress (1): 454/986 kBProgress (1): 458/986 kBProgress (1): 462/986 kBProgress (1): 466/986 kBProgress (1): 470/986 kBProgress (1): 475/986 kBProgress (1): 479/986 kBProgress (1): 483/986 kBProgress (1): 487/986 kBProgress (1): 491/986 kBProgress (1): 495/986 kBProgress (1): 499/986 kBProgress (1): 503/986 kBProgress (1): 507/986 kBProgress (1): 511/986 kBProgress (1): 515/986 kBProgress (1): 520/986 kBProgress (1): 524/986 kBProgress (1): 528/986 kBProgress (1): 532/986 kBProgress (1): 536/986 kBProgress (1): 540/986 kBProgress (1): 544/986 kBProgress (1): 548/986 kBProgress (1): 552/986 kBProgress (1): 556/986 kBProgress (1): 561/986 kBProgress (1): 565/986 kBProgress (1): 569/986 kBProgress (1): 573/986 kBProgress (1): 577/986 kBProgress (1): 581/986 kBProgress (1): 585/986 kBProgress (1): 589/986 kBProgress (1): 593/986 kBProgress (1): 597/986 kBProgress (1): 602/986 kBProgress (1): 606/986 kBProgress (1): 610/986 kBProgress (1): 614/986 kBProgress (1): 618/986 kBProgress (1): 622/986 kBProgress (1): 626/986 kBProgress (1): 630/986 kBProgress (1): 634/986 kBProgress (1): 638/986 kBProgress (1): 642/986 kBProgress (1): 647/986 kBProgress (1): 651/986 kBProgress (1): 655/986 kBProgress (1): 659/986 kBProgress (1): 663/986 kBProgress (1): 667/986 kBProgress (1): 671/986 kBProgress (1): 675/986 kBProgress (1): 679/986 kBProgress (1): 683/986 kBProgress (1): 688/986 kBProgress (1): 692/986 kBProgress (1): 696/986 kBProgress (1): 700/986 kBProgress (1): 704/986 kBProgress (1): 708/986 kBProgress (1): 712/986 kBProgress (1): 716/986 kBProgress (1): 720/986 kBProgress (1): 724/986 kBProgress (1): 728/986 kBProgress (1): 733/986 kBProgress (1): 737/986 kBProgress (1): 741/986 kBProgress (1): 745/986 kBProgress (1): 749/986 kBProgress (1): 753/986 kBProgress (1): 757/986 kBProgress (1): 761/986 kBProgress (1): 765/986 kBProgress (1): 769/986 kBProgress (1): 774/986 kBProgress (1): 778/986 kBProgress (1): 782/986 kBProgress (1): 786/986 kBProgress (1): 790/986 kBProgress (1): 794/986 kBProgress (1): 798/986 kBProgress (1): 802/986 kBProgress (1): 806/986 kBProgress (1): 810/986 kBProgress (1): 815/986 kBProgress (1): 819/986 kBProgress (1): 823/986 kBProgress (1): 827/986 kBProgress (1): 831/986 kBProgress (1): 835/986 kBProgress (1): 839/986 kBProgress (1): 843/986 kBProgress (1): 847/986 kBProgress (1): 851/986 kBProgress (1): 855/986 kBProgress (1): 860/986 kBProgress (1): 864/986 kBProgress (1): 868/986 kBProgress (1): 872/986 kBProgress (1): 876/986 kBProgress (1): 880/986 kBProgress (1): 884/986 kBProgress (1): 888/986 kBProgress (1): 892/986 kBProgress (1): 896/986 kBProgress (1): 901/986 kBProgress (1): 905/986 kBProgress (1): 906/986 kBProgress (1): 910/986 kBProgress (1): 914/986 kBProgress (1): 918/986 kBProgress (1): 922/986 kBProgress (1): 926/986 kBProgress (1): 930/986 kBProgress (1): 934/986 kBProgress (1): 938/986 kBProgress (1): 942/986 kBProgress (1): 946/986 kBProgress (1): 951/986 kBProgress (1): 955/986 kBProgress (1): 959/986 kBProgress (1): 963/986 kBProgress (1): 967/986 kBProgress (1): 971/986 kBProgress (1): 975/986 kBProgress (1): 979/986 kBProgress (1): 983/986 kBProgress (1): 986 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/quarkus/quarkus-universe-bom/2.9.2.Final/quarkus-universe-bom-2.9.2.Final.pom (986 kB at 1.1 MB/s)
[WARNING]
[WARNING] Some problems were encountered while building the effective model for org.apache.struts:portlet:war:1.1.0
[WARNING] 'build.plugins.plugin.version' for org.apache.maven.plugins:maven-surefire-plugin is missing. @ org.apache.struts:portlet:[unknown-version], <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/pom.xml,> line 179, column 21
[WARNING]
[WARNING] Some problems were encountered while building the effective model for org.apache.struts:rest-angular:war:1.1.0
[WARNING] 'build.plugins.plugin.version' for com.cj.jshintmojo:jshint-maven-plugin is missing. @ org.apache.struts:rest-angular:[unknown-version], <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/rest-angular/pom.xml,> line 122, column 21
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Struts 2 Examples [pom]
[INFO] Action chaining [war]
[INFO] Annotations with Convention Plugin [war]
[INFO] Basic Struts2 Example [war]
[INFO] Bean Validation [war]
[INFO] Struts 2 Blank Webapp [war]
[INFO] Coding Struts 2 Action [war]
[INFO] Control Tags [war]
[INFO] CRUD Example [war]
[INFO] Debugging Struts [war]
[INFO] Dynamic Url [war]
[INFO] Exception handling [war]
[INFO] Exclude Parameters [war]
[INFO] File upload [war]
[INFO] Form Processing [war]
[INFO] Form Tags [war]
[INFO] Form validation [war]
[INFO] XML based form validation [war]
[INFO] Hello World Struts 2 Example Application [war]
[INFO] Http Session [war]
[INFO] Struts 2 Interceptors [war]
[INFO] JSON produce/consume [war]
[INFO] Customized JSON produce [war]
[INFO] Struts 2 Mail Reader Webapp [war]
[INFO] Message resource [war]
[INFO] Message Store [war]
[INFO] Portlet Webapp [war]
[INFO] Preparable Interface [war]
[INFO] Struts 2 Quarkus [jar]
[INFO] REST to Action Mapper Example Application [war]
[INFO] REST Plugin based application with AngularJS [war]
[INFO] Struts2 with Basic Shiro Security Integration [war]
[INFO] Struts2 with Spring Integration [war]
[INFO] Custom TextProvider [war]
[INFO] Struts Tiles Example [war]
[INFO] Struts 2 Themes [war]
[INFO] Struts 2 Themes Override [war]
[INFO] Type Conversion [war]
[INFO] Unit Testing [war]
[INFO] Unknown handler [war]
[INFO] Using Struts 2 Tags [war]
[INFO] validation-messages [war]
[INFO] Wildcard Method Selection [war]
[INFO] Wildcard RegEx pattern matching [war]
[INFO]
[INFO] -----------------< org.apache.struts:struts-examples >------------------
[INFO] Building Struts 2 Examples 1.1.0 [1/44]
[INFO] --------------------------------[ pom ]---------------------------------
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-core/6.0.0-RC3/struts2-core-6.0.0-RC3.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-core/6.0.0-RC3/struts2-core-6.0.0-RC3.pom
Downloading from apache-snapshots: https://repository.apache.org/content/groups/snapshots/org/apache/struts/struts2-core/6.0.0-RC3/struts2-core-6.0.0-RC3.pom
Downloading from oss-snapshots: https://oss.sonatype.org/content/repositories/snapshots/org/apache/struts/struts2-core/6.0.0-RC3/struts2-core-6.0.0-RC3.pom
Downloading from central: https://repo.maven.apache.org/maven2/org/apache/struts/struts2-core/6.0.0-RC3/struts2-core-6.0.0-RC3.pom
[WARNING] The POM for org.apache.struts:struts2-core:jar:6.0.0-RC3 is missing, no dependency information available
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-core/6.0.0-RC3/struts2-core-6.0.0-RC3.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-core/6.0.0-RC3/struts2-core-6.0.0-RC3.jar
Downloading from apache-snapshots: https://repository.apache.org/content/groups/snapshots/org/apache/struts/struts2-core/6.0.0-RC3/struts2-core-6.0.0-RC3.jar
Downloading from oss-snapshots: https://oss.sonatype.org/content/repositories/snapshots/org/apache/struts/struts2-core/6.0.0-RC3/struts2-core-6.0.0-RC3.jar
Downloading from central: https://repo.maven.apache.org/maven2/org/apache/struts/struts2-core/6.0.0-RC3/struts2-core-6.0.0-RC3.jar
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ FAILURE [ 3.897 s]
[INFO] Action chaining .................................... SKIPPED
[INFO] Annotations with Convention Plugin ................. SKIPPED
[INFO] Basic Struts2 Example .............................. SKIPPED
[INFO] Bean Validation .................................... SKIPPED
[INFO] Struts 2 Blank Webapp .............................. SKIPPED
[INFO] Coding Struts 2 Action ............................. SKIPPED
[INFO] Control Tags ....................................... SKIPPED
[INFO] CRUD Example ....................................... SKIPPED
[INFO] Debugging Struts ................................... SKIPPED
[INFO] Dynamic Url ........................................ SKIPPED
[INFO] Exception handling ................................. SKIPPED
[INFO] Exclude Parameters ................................. SKIPPED
[INFO] File upload ........................................ SKIPPED
[INFO] Form Processing .................................... SKIPPED
[INFO] Form Tags .......................................... SKIPPED
[INFO] Form validation .................................... SKIPPED
[INFO] XML based form validation .......................... SKIPPED
[INFO] Hello World Struts 2 Example Application ........... SKIPPED
[INFO] Http Session ....................................... SKIPPED
[INFO] Struts 2 Interceptors .............................. SKIPPED
[INFO] JSON produce/consume ............................... SKIPPED
[INFO] Customized JSON produce ............................ SKIPPED
[INFO] Struts 2 Mail Reader Webapp ........................ SKIPPED
[INFO] Message resource ................................... SKIPPED
[INFO] Message Store ...................................... SKIPPED
[INFO] Portlet Webapp ..................................... SKIPPED
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 8.947 s
[INFO] Finished at: 2022-06-01T21:59:19Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project struts-examples: Could not resolve dependencies for project org.apache.struts:struts-examples:pom:1.1.0: Could not find artifact org.apache.struts:struts2-core:jar:6.0.0-RC3 in apache-public (https://repository.apache.org/content/groups/public/) -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-examples-dependency-check #70
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/70/display/redirect?page=changes>
Changes:
[github] Bump slf4j-simple from 1.7.32 to 1.7.36
[github] Bump dependency-check-maven from 6.5.1 to 7.1.0
[github] Bump log4j2.version from 2.17.1 to 2.17.2
[github] Bump maven-compiler-plugin from 3.10.0 to 3.10.1
[github] Bump jackson.version from 2.13.2.1 to 2.13.3
[github] Bump maven-failsafe-plugin from 3.0.0-M5 to 3.0.0-M6
[github] Bump quarkus-plugin.version from 2.7.4.Final to 2.9.1.Final
[github] Bump spring-web from 5.3.9 to 5.3.20
[github] Bump maven-javadoc-plugin from 3.3.1 to 3.4.0
[github] Updates badge with Jenkins build status
------------------------------------------
[...truncated 22.29 KB...]
[INFO] Webapp assembled in [89 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/annotations/target/annotations.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:7.1.0:check (default) @ annotations ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (44 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (3 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (1 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (4 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/annotations/target/dependency-check-report.html>
[INFO]
[INFO] -------------------< org.apache.struts:basic-struts >-------------------
[INFO] Building Basic Struts2 Example 1.1.0 [4/44]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ basic-struts ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 2 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.10.1:compile (default-compile) @ basic-struts ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ basic-struts ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/basic-struts/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.10.1:testCompile (default-testCompile) @ basic-struts ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ basic-struts ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ basic-struts ---
[INFO] Packaging webapp
[INFO] Assembling webapp [basic-struts] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/basic-struts/target/basic-struts]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/basic-struts/src/main/webapp]>
[INFO] Webapp assembled in [54 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/basic-struts/target/basic-struts.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:7.1.0:check (default) @ basic-struts ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (40 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/basic-struts/target/dependency-check-report.html>
[INFO]
[INFO] -----------------< org.apache.struts:bean-validation >------------------
[INFO] Building Bean Validation 1.1.0 [5/44]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ bean-validation ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.10.1:compile (default-compile) @ bean-validation ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ bean-validation ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/bean-validation/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.10.1:testCompile (default-testCompile) @ bean-validation ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ bean-validation ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ bean-validation ---
[INFO] Packaging webapp
[INFO] Assembling webapp [bean-validation] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/bean-validation/target/bean-validation]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/bean-validation/src/main/webapp]>
[INFO] Webapp assembled in [136 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/bean-validation/target/bean-validation.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:7.1.0:check (default) @ bean-validation ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (38 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (4 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/bean-validation/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Bean Validation:
hibernate-validator-4.3.2.Final.jar (pkg:maven/org.hibernate/hibernate-validator@4.3.2.Final, cpe:2.3:a:redhat:hibernate_validator:4.3.2:*:*:*:*:*:*:*) : CVE-2017-7536, CVE-2019-10219
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ SUCCESS [01:07 min]
[INFO] Action chaining .................................... SUCCESS [ 8.216 s]
[INFO] Annotations with Convention Plugin ................. SUCCESS [ 6.972 s]
[INFO] Basic Struts2 Example .............................. SUCCESS [ 5.173 s]
[INFO] Bean Validation .................................... FAILURE [ 7.144 s]
[INFO] Struts 2 Blank Webapp .............................. SKIPPED
[INFO] Coding Struts 2 Action ............................. SKIPPED
[INFO] Control Tags ....................................... SKIPPED
[INFO] CRUD Example ....................................... SKIPPED
[INFO] Debugging Struts ................................... SKIPPED
[INFO] Dynamic Url ........................................ SKIPPED
[INFO] Exception handling ................................. SKIPPED
[INFO] Exclude Parameters ................................. SKIPPED
[INFO] File upload ........................................ SKIPPED
[INFO] Form Processing .................................... SKIPPED
[INFO] Form Tags .......................................... SKIPPED
[INFO] Form validation .................................... SKIPPED
[INFO] XML based form validation .......................... SKIPPED
[INFO] Hello World Struts 2 Example Application ........... SKIPPED
[INFO] Http Session ....................................... SKIPPED
[INFO] Struts 2 Interceptors .............................. SKIPPED
[INFO] JSON produce/consume ............................... SKIPPED
[INFO] Customized JSON produce ............................ SKIPPED
[INFO] Struts 2 Mail Reader Webapp ........................ SKIPPED
[INFO] Message resource ................................... SKIPPED
[INFO] Message Store ...................................... SKIPPED
[INFO] Portlet Webapp ..................................... SKIPPED
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:39 min
[INFO] Finished at: 2022-05-29T22:00:48Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.1.0:check (default) on project bean-validation:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] hibernate-validator-4.3.2.Final.jar: CVE-2017-7536(7.0)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :bean-validation
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-examples-dependency-check #69
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/69/display/redirect>
Changes:
------------------------------------------
[...truncated 142.36 KB...]
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ message-store ---
[INFO] Packaging webapp
[INFO] Assembling webapp [message-store] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/message-store-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/src/main/webapp]>
[INFO] Webapp assembled in [36 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/message-store-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.5.1:check (default) @ message-store ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (65 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (4 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/dependency-check-report.html>
[INFO]
[INFO] ---------------------< org.apache.struts:portlet >----------------------
[INFO] Building Portlet Webapp 1.1.0 [27/44]
[INFO] --------------------------------[ war ]---------------------------------
Downloading from apache-public: https://repository.apache.org/content/groups/public/javax/portlet/portlet-api/3.0.1/portlet-api-3.0.1.pom
Progress (1): 4.1/14 kBProgress (1): 7.7/14 kBProgress (1): 8.2/14 kBProgress (1): 12/14 kB Progress (1): 14 kB Downloaded from apache-public: https://repository.apache.org/content/groups/public/javax/portlet/portlet-api/3.0.1/portlet-api-3.0.1.pom (14 kB at 16 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/portals/pluto/pluto/3.0.1/pluto-3.0.1.pom
Progress (1): 4.1/26 kBProgress (1): 7.7/26 kBProgress (1): 8.2/26 kBProgress (1): 12/26 kB Progress (1): 16/26 kBProgress (1): 16/26 kBProgress (1): 20/26 kBProgress (1): 24/26 kBProgress (1): 25/26 kBProgress (1): 26 kB Downloaded from apache-public: https://repository.apache.org/content/groups/public/org/apache/portals/pluto/pluto/3.0.1/pluto-3.0.1.pom (26 kB at 33 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/portals/portals-pom/1.4/portals-pom-1.4.pom
Progress (1): 4.1/5.1 kBProgress (1): 5.1 kB Downloaded from apache-public: https://repository.apache.org/content/groups/public/org/apache/portals/portals-pom/1.4/portals-pom-1.4.pom (5.1 kB at 11 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-spring-plugin/6.0.0-RC3/struts2-spring-plugin-6.0.0-RC3.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-spring-plugin/6.0.0-RC3/struts2-spring-plugin-6.0.0-RC3.pom
Progress (1): 3.7 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-spring-plugin/6.0.0-RC3/struts2-spring-plugin-6.0.0-RC3.pom (3.7 kB at 5.1 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-plugin/6.0.0-RC3/struts2-portlet-plugin-6.0.0-RC3.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-plugin/6.0.0-RC3/struts2-portlet-plugin-6.0.0-RC3.pom
Progress (1): 4.1/5.5 kBProgress (1): 5.5 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-plugin/6.0.0-RC3/struts2-portlet-plugin-6.0.0-RC3.pom (5.5 kB at 7.6 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-dwr-plugin/6.0.0-RC3/struts2-dwr-plugin-6.0.0-RC3.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-dwr-plugin/6.0.0-RC3/struts2-dwr-plugin-6.0.0-RC3.pom
Progress (1): 1.7 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-dwr-plugin/6.0.0-RC3/struts2-dwr-plugin-6.0.0-RC3.pom (1.7 kB at 2.2 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC3/struts2-portlet-tiles-plugin-6.0.0-RC3.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC3/struts2-portlet-tiles-plugin-6.0.0-RC3.pom
Progress (1): 2.5 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC3/struts2-portlet-tiles-plugin-6.0.0-RC3.pom (2.5 kB at 3.8 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-tiles-plugin/6.0.0-RC3/struts2-tiles-plugin-6.0.0-RC3.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-tiles-plugin/6.0.0-RC3/struts2-tiles-plugin-6.0.0-RC3.pom
Progress (1): 3.3 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-tiles-plugin/6.0.0-RC3/struts2-tiles-plugin-6.0.0-RC3.pom (3.3 kB at 4.7 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/javax/portlet/portlet-api/3.0.1/portlet-api-3.0.1.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-spring-plugin/6.0.0-RC3/struts2-spring-plugin-6.0.0-RC3.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-dwr-plugin/6.0.0-RC3/struts2-dwr-plugin-6.0.0-RC3.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-plugin/6.0.0-RC3/struts2-portlet-plugin-6.0.0-RC3.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC3/struts2-portlet-tiles-plugin-6.0.0-RC3.jar
Progress (1): 4.1/109 kBProgress (1): 7.7/109 kBProgress (1): 8.2/109 kBProgress (1): 12/109 kB Progress (1): 16/109 kBProgress (1): 16/109 kBProgress (1): 20/109 kBProgress (1): 24/109 kBProgress (1): 25/109 kBProgress (1): 29/109 kBProgress (1): 32/109 kBProgress (1): 33/109 kBProgress (1): 37/109 kBProgress (1): 41/109 kBProgress (1): 41/109 kBProgress (1): 45/109 kBProgress (1): 49/109 kBProgress (1): 49/109 kBProgress (1): 53/109 kBProgress (1): 57/109 kBProgress (1): 57/109 kBProgress (1): 61/109 kBProgress (1): 65/109 kBProgress (1): 66/109 kBProgress (1): 70/109 kBProgress (1): 74/109 kBProgress (1): 74/109 kBProgress (1): 78/109 kBProgress (1): 82/109 kBProgress (1): 82/109 kB Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-tiles-plugin/6.0.0-RC3/struts2-tiles-plugin-6.0.0-RC3.jar
Progress (1): 86/109 kBProgress (1): 90/109 kBProgress (1): 90/109 kBProgress (1): 94/109 kBProgress (1): 98/109 kBProgress (1): 98/109 kBProgress (1): 102/109 kBProgress (1): 106/109 kBProgress (1): 106/109 kBProgress (1): 109 kB Downloaded from apache-public: https://repository.apache.org/content/groups/public/javax/portlet/portlet-api/3.0.1/portlet-api-3.0.1.jar (109 kB at 128 kB/s)
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-spring-plugin/6.0.0-RC3/struts2-spring-plugin-6.0.0-RC3.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC3/struts2-portlet-tiles-plugin-6.0.0-RC3.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-plugin/6.0.0-RC3/struts2-portlet-plugin-6.0.0-RC3.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-dwr-plugin/6.0.0-RC3/struts2-dwr-plugin-6.0.0-RC3.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-tiles-plugin/6.0.0-RC3/struts2-tiles-plugin-6.0.0-RC3.jar
Progress (1): 4.1/32 kBProgress (1): 7.7/32 kBProgress (1): 8.2/32 kBProgress (1): 12/32 kB Progress (1): 16/32 kBProgress (1): 16/32 kBProgress (1): 20/32 kBProgress (1): 24/32 kBProgress (1): 25/32 kBProgress (1): 29/32 kBProgress (1): 32/32 kBProgress (1): 32 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-spring-plugin/6.0.0-RC3/struts2-spring-plugin-6.0.0-RC3.jar (32 kB at 94 kB/s)
Progress (1): 4.1/11 kBProgress (1): 7.7/11 kBProgress (1): 8.2/11 kBProgress (1): 11 kB Progress (2): 11 kB | 4.1/90 kBProgress (2): 11 kB | 7.7/90 kBProgress (3): 11 kB | 7.7/90 kB | 4.1/16 kBProgress (3): 11 kB | 8.2/90 kB | 4.1/16 kBProgress (3): 11 kB | 8.2/90 kB | 7.7/16 kBProgress (3): 11 kB | 8.2/90 kB | 8.2/16 kBProgress (4): 11 kB | 8.2/90 kB | 8.2/16 kB | 4.1/40 kBProgress (4): 11 kB | 8.2/90 kB | 8.2/16 kB | 7.7/40 kBProgress (4): 11 kB | 8.2/90 kB | 8.2/16 kB | 8.2/40 kBProgress (4): 11 kB | 12/90 kB | 8.2/16 kB | 8.2/40 kB Progress (4): 11 kB | 16/90 kB | 8.2/16 kB | 8.2/40 kBProgress (4): 11 kB | 16/90 kB | 8.2/16 kB | 8.2/40 kBProgress (4): 11 kB | 16/90 kB | 8.2/16 kB | 12/40 kB Progress (4): 11 kB | 16/90 kB | 8.2/16 kB | 16/40 kBProgress (4): 11 kB | 20/90 kB | 8.2/16 kB | 16/40 kBProgress (4): 11 kB | 24/90 kB | 8.2/16 kB | 16/40 kBProgress (4): 11 kB | 24/90 kB | 12/16 kB | 16/40 kB Progress (4): 11 kB | 25/90 kB | 12/16 kB | 16/40 kBProgress (4): 11 kB | 25/90 kB | 16/16 kB | 16/40 kBProgress (4): 11 kB | 25/90 kB | 16 kB | 16/40 kB Progress (4): 11 kB | 29/90 kB | 16 kB | 16/40 kBProgress (4): 11 kB | 32/90 kB | 16 kB | 16/40 kBProgress (4): 11 kB | 33/90 kB | 16 kB | 16/40 kBProgress (4): 11 kB | 33/90 kB | 16 kB | 16/40 kBProgress (4): 11 kB | 33/90 kB | 16 kB | 20/40 kBProgress (4): 11 kB | 33/90 kB | 16 kB | 24/40 kBProgress (4): 11 kB | 33/90 kB | 16 kB | 25/40 kBProgress (4): 11 kB | 33/90 kB | 16 kB | 29/40 kBProgress (4): 11 kB | 33/90 kB | 16 kB | 32/40 kBProgress (4): 11 kB | 33/90 kB | 16 kB | 33/40 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-dwr-plugin/6.0.0-RC3/struts2-dwr-plugin-6.0.0-RC3.jar (11 kB at 16 kB/s)
Progress (3): 37/90 kB | 16 kB | 33/40 kBProgress (3): 41/90 kB | 16 kB | 33/40 kBProgress (3): 41/90 kB | 16 kB | 33/40 kBProgress (3): 45/90 kB | 16 kB | 33/40 kBProgress (3): 49/90 kB | 16 kB | 33/40 kBProgress (3): 49/90 kB | 16 kB | 33/40 kBProgress (3): 49/90 kB | 16 kB | 37/40 kBProgress (3): 49/90 kB | 16 kB | 40/40 kBProgress (3): 49/90 kB | 16 kB | 40 kB Progress (3): 53/90 kB | 16 kB | 40 kBProgress (3): 57/90 kB | 16 kB | 40 kBProgress (3): 57/90 kB | 16 kB | 40 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC3/struts2-portlet-tiles-plugin-6.0.0-RC3.jar (16 kB at 19 kB/s)
Progress (2): 61/90 kB | 40 kBProgress (2): 65/90 kB | 40 kBProgress (2): 66/90 kB | 40 kBProgress (2): 70/90 kB | 40 kBProgress (2): 74/90 kB | 40 kBProgress (2): 74/90 kB | 40 kBProgress (2): 78/90 kB | 40 kBProgress (2): 82/90 kB | 40 kBProgress (2): 82/90 kB | 40 kBProgress (2): 86/90 kB | 40 kBProgress (2): 90/90 kB | 40 kBProgress (2): 90 kB | 40 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-tiles-plugin/6.0.0-RC3/struts2-tiles-plugin-6.0.0-RC3.jar (40 kB at 41 kB/s)
Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-plugin/6.0.0-RC3/struts2-portlet-plugin-6.0.0-RC3.jar (90 kB at 81 kB/s)
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 18 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.10.0:compile (default-compile) @ portlet ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 13 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/eventing/PublishAction.java>: Some input files use or override a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/eventing/PublishAction.java>: Recompile with -Xlint:deprecation for details.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/spring/ThingManager.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/spring/ThingManager.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/spring/ThingManager.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.10.0:testCompile (default-testCompile) @ portlet ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 3 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/test-classes>
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ portlet ---
[INFO] Surefire report directory: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/surefire-reports>
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Results :
Tests run: 0, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ portlet ---
[INFO] Packaging webapp
[INFO] Assembling webapp [portlet] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/portlet-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/webapp]>
[INFO] Webapp assembled in [388 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/portlet-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.5.1:check (default) @ portlet ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (59 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (12 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (1 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (2 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (17 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Portlet Webapp:
spring-aop-4.3.30.RELEASE.jar (pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.3.30:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.3.30:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.3.30:release:*:*:*:*:*:*) : CVE-2016-1000027, CVE-2022-22965, CVE-2022-22968
spring-core-4.3.30.RELEASE.jar (pkg:maven/org.springframework/spring-core@4.3.30.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.3.30:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.3.30:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.3.30:release:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:4.3.30:release:*:*:*:*:*:*) : CVE-2016-1000027, CVE-2022-22965, CVE-2022-22968
velocity-1.7.jar (pkg:maven/org.apache.velocity/velocity@1.7, cpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*) : CVE-2020-13936
velocity-tools-2.0.jar (pkg:maven/org.apache.velocity/velocity-tools@2.0, cpe:2.3:a:apache:velocity_tools:2.0:*:*:*:*:*:*:*) : CVE-2020-13959
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ SUCCESS [01:30 min]
[INFO] Action chaining .................................... SUCCESS [ 12.588 s]
[INFO] Annotations with Convention Plugin ................. SUCCESS [ 13.077 s]
[INFO] Basic Struts2 Example .............................. SUCCESS [ 7.636 s]
[INFO] Bean Validation .................................... SUCCESS [ 12.606 s]
[INFO] Struts 2 Blank Webapp .............................. SUCCESS [ 15.015 s]
[INFO] Coding Struts 2 Action ............................. SUCCESS [ 7.249 s]
[INFO] Control Tags ....................................... SUCCESS [ 7.189 s]
[INFO] CRUD Example ....................................... SUCCESS [ 7.696 s]
[INFO] Debugging Struts ................................... SUCCESS [ 14.591 s]
[INFO] Dynamic Url ........................................ SUCCESS [ 7.642 s]
[INFO] Exception handling ................................. SUCCESS [ 7.566 s]
[INFO] Exclude Parameters ................................. SUCCESS [ 7.288 s]
[INFO] File upload ........................................ SUCCESS [ 7.308 s]
[INFO] Form Processing .................................... SUCCESS [ 7.028 s]
[INFO] Form Tags .......................................... SUCCESS [ 7.238 s]
[INFO] Form validation .................................... SUCCESS [ 7.387 s]
[INFO] XML based form validation .......................... SUCCESS [ 8.139 s]
[INFO] Hello World Struts 2 Example Application ........... SUCCESS [ 7.810 s]
[INFO] Http Session ....................................... SUCCESS [ 7.320 s]
[INFO] Struts 2 Interceptors .............................. SUCCESS [ 7.386 s]
[INFO] JSON produce/consume ............................... SUCCESS [ 14.357 s]
[INFO] Customized JSON produce ............................ SUCCESS [ 10.176 s]
[INFO] Struts 2 Mail Reader Webapp ........................ SUCCESS [ 10.223 s]
[INFO] Message resource ................................... SUCCESS [ 7.260 s]
[INFO] Message Store ...................................... SUCCESS [ 6.936 s]
[INFO] Portlet Webapp ..................................... FAILURE [ 34.533 s]
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:58 min
[INFO] Finished at: 2022-05-01T22:05:08Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.5.1:check (default) on project portlet:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] spring-aop-4.3.30.RELEASE.jar: CVE-2022-22968, CVE-2022-22965, CVE-2016-1000027
[ERROR] spring-core-4.3.30.RELEASE.jar: CVE-2022-22968, CVE-2022-22965, CVE-2016-1000027
[ERROR] velocity-1.7.jar: CVE-2020-13936
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :portlet
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-examples-dependency-check #68
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/68/display/redirect?page=changes>
Changes:
[github] Bump shiro.version from 1.8.0 to 1.9.0
[Lukasz Lenart] Enables autodeleting branches after PR has been merged
[github] Bump jackson-databind from 2.13.0 to 2.13.2.1 in /rest-angular
[github] Bump json-path from 2.6.0 to 2.7.0
------------------------------------------
[...truncated 102.78 KB...]
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (5 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-resource/target/dependency-check-report.html>
[INFO]
[INFO] ------------------< org.apache.struts:message-store >-------------------
[INFO] Building Message Store 1.1.0 [26/44]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.10.0:compile (default-compile) @ message-store ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.10.0:testCompile (default-testCompile) @ message-store ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ message-store ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ message-store ---
[INFO] Packaging webapp
[INFO] Assembling webapp [message-store] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/message-store-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/src/main/webapp]>
[INFO] Webapp assembled in [51 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/message-store-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.5.1:check (default) @ message-store ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (57 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (4 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/dependency-check-report.html>
[INFO]
[INFO] ---------------------< org.apache.struts:portlet >----------------------
[INFO] Building Portlet Webapp 1.1.0 [27/44]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 18 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.10.0:compile (default-compile) @ portlet ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.10.0:testCompile (default-testCompile) @ portlet ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ portlet ---
[INFO] Surefire report directory: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/surefire-reports>
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Results :
Tests run: 0, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ portlet ---
[INFO] Packaging webapp
[INFO] Assembling webapp [portlet] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/portlet-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/webapp]>
[INFO] Webapp assembled in [317 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/portlet-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.5.1:check (default) @ portlet ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (63 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (13 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (2 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (17 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Portlet Webapp:
spring-aop-4.3.30.RELEASE.jar (pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.3.30:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.3.30:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.3.30:release:*:*:*:*:*:*) : CVE-2016-1000027, CVE-2022-22965, CVE-2022-22968
spring-core-4.3.30.RELEASE.jar (pkg:maven/org.springframework/spring-core@4.3.30.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.3.30:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.3.30:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.3.30:release:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:4.3.30:release:*:*:*:*:*:*) : CVE-2016-1000027, CVE-2022-22965, CVE-2022-22968
velocity-1.7.jar (pkg:maven/org.apache.velocity/velocity@1.7, cpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*) : CVE-2020-13936
velocity-tools-2.0.jar (pkg:maven/org.apache.velocity/velocity-tools@2.0, cpe:2.3:a:apache:velocity_tools:2.0:*:*:*:*:*:*:*) : CVE-2020-13959
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ SUCCESS [04:57 min]
[INFO] Action chaining .................................... SUCCESS [ 8.835 s]
[INFO] Annotations with Convention Plugin ................. SUCCESS [ 8.858 s]
[INFO] Basic Struts2 Example .............................. SUCCESS [ 7.653 s]
[INFO] Bean Validation .................................... SUCCESS [ 10.158 s]
[INFO] Struts 2 Blank Webapp .............................. SUCCESS [ 11.487 s]
[INFO] Coding Struts 2 Action ............................. SUCCESS [ 8.012 s]
[INFO] Control Tags ....................................... SUCCESS [ 7.264 s]
[INFO] CRUD Example ....................................... SUCCESS [ 6.888 s]
[INFO] Debugging Struts ................................... SUCCESS [ 10.263 s]
[INFO] Dynamic Url ........................................ SUCCESS [ 7.465 s]
[INFO] Exception handling ................................. SUCCESS [ 6.924 s]
[INFO] Exclude Parameters ................................. SUCCESS [ 7.488 s]
[INFO] File upload ........................................ SUCCESS [ 7.291 s]
[INFO] Form Processing .................................... SUCCESS [ 7.196 s]
[INFO] Form Tags .......................................... SUCCESS [ 7.531 s]
[INFO] Form validation .................................... SUCCESS [ 7.199 s]
[INFO] XML based form validation .......................... SUCCESS [ 7.243 s]
[INFO] Hello World Struts 2 Example Application ........... SUCCESS [ 7.578 s]
[INFO] Http Session ....................................... SUCCESS [ 6.932 s]
[INFO] Struts 2 Interceptors .............................. SUCCESS [ 7.562 s]
[INFO] JSON produce/consume ............................... SUCCESS [ 10.214 s]
[INFO] Customized JSON produce ............................ SUCCESS [ 10.416 s]
[INFO] Struts 2 Mail Reader Webapp ........................ SUCCESS [ 10.115 s]
[INFO] Message resource ................................... SUCCESS [ 7.499 s]
[INFO] Message Store ...................................... SUCCESS [ 7.234 s]
[INFO] Portlet Webapp ..................................... FAILURE [ 24.764 s]
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 08:48 min
[INFO] Finished at: 2022-04-29T22:08:03Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.5.1:check (default) on project portlet:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] spring-aop-4.3.30.RELEASE.jar: CVE-2022-22968, CVE-2022-22965, CVE-2016-1000027
[ERROR] spring-core-4.3.30.RELEASE.jar: CVE-2022-22968, CVE-2022-22965, CVE-2016-1000027
[ERROR] velocity-1.7.jar: CVE-2020-13936
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :portlet
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-examples-dependency-check #67
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/67/display/redirect>
Changes:
------------------------------------------
[...truncated 146.58 KB...]
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 2 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/classes>
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.10.0:testCompile (default-testCompile) @ message-store ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ message-store ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ message-store ---
[INFO] Packaging webapp
[INFO] Assembling webapp [message-store] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/message-store-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/src/main/webapp]>
[INFO] Webapp assembled in [38 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/message-store-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.5.1:check (default) @ message-store ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (64 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (4 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/dependency-check-report.html>
[INFO]
[INFO] ---------------------< org.apache.struts:portlet >----------------------
[INFO] Building Portlet Webapp 1.1.0 [27/44]
[INFO] --------------------------------[ war ]---------------------------------
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-spring-plugin/6.0.0-RC3/struts2-spring-plugin-6.0.0-RC3.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-spring-plugin/6.0.0-RC3/struts2-spring-plugin-6.0.0-RC3.pom
Progress (1): 3.7 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-spring-plugin/6.0.0-RC3/struts2-spring-plugin-6.0.0-RC3.pom (3.7 kB at 5.4 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-plugin/6.0.0-RC3/struts2-portlet-plugin-6.0.0-RC3.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-plugin/6.0.0-RC3/struts2-portlet-plugin-6.0.0-RC3.pom
Progress (1): 4.1/5.5 kBProgress (1): 5.5 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-plugin/6.0.0-RC3/struts2-portlet-plugin-6.0.0-RC3.pom (5.5 kB at 7.6 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-dwr-plugin/6.0.0-RC3/struts2-dwr-plugin-6.0.0-RC3.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-dwr-plugin/6.0.0-RC3/struts2-dwr-plugin-6.0.0-RC3.pom
Progress (1): 1.7 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-dwr-plugin/6.0.0-RC3/struts2-dwr-plugin-6.0.0-RC3.pom (1.7 kB at 2.2 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC3/struts2-portlet-tiles-plugin-6.0.0-RC3.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC3/struts2-portlet-tiles-plugin-6.0.0-RC3.pom
Progress (1): 2.5 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC3/struts2-portlet-tiles-plugin-6.0.0-RC3.pom (2.5 kB at 1.5 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-tiles-plugin/6.0.0-RC3/struts2-tiles-plugin-6.0.0-RC3.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-tiles-plugin/6.0.0-RC3/struts2-tiles-plugin-6.0.0-RC3.pom
Progress (1): 3.3 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-tiles-plugin/6.0.0-RC3/struts2-tiles-plugin-6.0.0-RC3.pom (3.3 kB at 4.5 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-spring-plugin/6.0.0-RC3/struts2-spring-plugin-6.0.0-RC3.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-dwr-plugin/6.0.0-RC3/struts2-dwr-plugin-6.0.0-RC3.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-plugin/6.0.0-RC3/struts2-portlet-plugin-6.0.0-RC3.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-tiles-plugin/6.0.0-RC3/struts2-tiles-plugin-6.0.0-RC3.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC3/struts2-portlet-tiles-plugin-6.0.0-RC3.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-spring-plugin/6.0.0-RC3/struts2-spring-plugin-6.0.0-RC3.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-tiles-plugin/6.0.0-RC3/struts2-tiles-plugin-6.0.0-RC3.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC3/struts2-portlet-tiles-plugin-6.0.0-RC3.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-dwr-plugin/6.0.0-RC3/struts2-dwr-plugin-6.0.0-RC3.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-plugin/6.0.0-RC3/struts2-portlet-plugin-6.0.0-RC3.jar
Progress (1): 4.1/32 kBProgress (1): 7.7/32 kBProgress (1): 8.2/32 kBProgress (2): 8.2/32 kB | 4.1/90 kBProgress (2): 8.2/32 kB | 7.7/90 kBProgress (2): 8.2/32 kB | 8.2/90 kBProgress (3): 8.2/32 kB | 8.2/90 kB | 4.1/11 kBProgress (3): 8.2/32 kB | 8.2/90 kB | 7.7/11 kBProgress (3): 8.2/32 kB | 8.2/90 kB | 8.2/11 kBProgress (4): 8.2/32 kB | 8.2/90 kB | 8.2/11 kB | 4.1/16 kBProgress (4): 8.2/32 kB | 8.2/90 kB | 8.2/11 kB | 7.7/16 kBProgress (4): 8.2/32 kB | 8.2/90 kB | 8.2/11 kB | 8.2/16 kBProgress (5): 8.2/32 kB | 8.2/90 kB | 8.2/11 kB | 8.2/16 kB | 4.1/40 kBProgress (5): 8.2/32 kB | 8.2/90 kB | 8.2/11 kB | 8.2/16 kB | 7.7/40 kBProgress (5): 8.2/32 kB | 8.2/90 kB | 8.2/11 kB | 8.2/16 kB | 8.2/40 kBProgress (5): 8.2/32 kB | 8.2/90 kB | 11 kB | 8.2/16 kB | 8.2/40 kB Progress (5): 8.2/32 kB | 8.2/90 kB | 11 kB | 8.2/16 kB | 12/40 kB Progress (5): 8.2/32 kB | 8.2/90 kB | 11 kB | 8.2/16 kB | 16/40 kBProgress (5): 12/32 kB | 8.2/90 kB | 11 kB | 8.2/16 kB | 16/40 kB Progress (5): 12/32 kB | 8.2/90 kB | 11 kB | 12/16 kB | 16/40 kB Progress (5): 16/32 kB | 8.2/90 kB | 11 kB | 12/16 kB | 16/40 kBProgress (5): 16/32 kB | 12/90 kB | 11 kB | 12/16 kB | 16/40 kB Progress (5): 16/32 kB | 12/90 kB | 11 kB | 16/16 kB | 16/40 kBProgress (5): 16/32 kB | 16/90 kB | 11 kB | 16/16 kB | 16/40 kBProgress (5): 16/32 kB | 16/90 kB | 11 kB | 16/16 kB | 16/40 kBProgress (5): 16/32 kB | 16/90 kB | 11 kB | 16 kB | 16/40 kB Progress (5): 20/32 kB | 16/90 kB | 11 kB | 16 kB | 16/40 kBProgress (5): 24/32 kB | 16/90 kB | 11 kB | 16 kB | 16/40 kBProgress (5): 25/32 kB | 16/90 kB | 11 kB | 16 kB | 16/40 kBProgress (5): 29/32 kB | 16/90 kB | 11 kB | 16 kB | 16/40 kBProgress (5): 32/32 kB | 16/90 kB | 11 kB | 16 kB | 16/40 kBProgress (5): 32 kB | 16/90 kB | 11 kB | 16 kB | 16/40 kB Progress (5): 32 kB | 16/90 kB | 11 kB | 16 kB | 16/40 kBProgress (5): 32 kB | 20/90 kB | 11 kB | 16 kB | 16/40 kBProgress (5): 32 kB | 24/90 kB | 11 kB | 16 kB | 16/40 kBProgress (5): 32 kB | 25/90 kB | 11 kB | 16 kB | 16/40 kBProgress (5): 32 kB | 29/90 kB | 11 kB | 16 kB | 16/40 kBProgress (5): 32 kB | 32/90 kB | 11 kB | 16 kB | 16/40 kBProgress (5): 32 kB | 33/90 kB | 11 kB | 16 kB | 16/40 kBProgress (5): 32 kB | 33/90 kB | 11 kB | 16 kB | 16/40 kBProgress (5): 32 kB | 33/90 kB | 11 kB | 16 kB | 20/40 kBProgress (5): 32 kB | 33/90 kB | 11 kB | 16 kB | 24/40 kBProgress (5): 32 kB | 33/90 kB | 11 kB | 16 kB | 25/40 kBProgress (5): 32 kB | 33/90 kB | 11 kB | 16 kB | 29/40 kBProgress (5): 32 kB | 33/90 kB | 11 kB | 16 kB | 32/40 kBProgress (5): 32 kB | 33/90 kB | 11 kB | 16 kB | 33/40 kBProgress (5): 32 kB | 33/90 kB | 11 kB | 16 kB | 37/40 kBProgress (5): 32 kB | 33/90 kB | 11 kB | 16 kB | 40 kB Progress (5): 32 kB | 37/90 kB | 11 kB | 16 kB | 40 kBProgress (5): 32 kB | 40/90 kB | 11 kB | 16 kB | 40 kBProgress (5): 32 kB | 41/90 kB | 11 kB | 16 kB | 40 kBProgress (5): 32 kB | 45/90 kB | 11 kB | 16 kB | 40 kBProgress (5): 32 kB | 48/90 kB | 11 kB | 16 kB | 40 kBProgress (5): 32 kB | 49/90 kB | 11 kB | 16 kB | 40 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-spring-plugin/6.0.0-RC3/struts2-spring-plugin-6.0.0-RC3.jar (32 kB at 39 kB/s)
Progress (4): 53/90 kB | 11 kB | 16 kB | 40 kBProgress (4): 56/90 kB | 11 kB | 16 kB | 40 kBProgress (4): 57/90 kB | 11 kB | 16 kB | 40 kBProgress (4): 61/90 kB | 11 kB | 16 kB | 40 kBProgress (4): 64/90 kB | 11 kB | 16 kB | 40 kBProgress (4): 66/90 kB | 11 kB | 16 kB | 40 kBProgress (4): 70/90 kB | 11 kB | 16 kB | 40 kBProgress (4): 72/90 kB | 11 kB | 16 kB | 40 kBProgress (4): 74/90 kB | 11 kB | 16 kB | 40 kBProgress (4): 78/90 kB | 11 kB | 16 kB | 40 kBProgress (4): 80/90 kB | 11 kB | 16 kB | 40 kBProgress (4): 82/90 kB | 11 kB | 16 kB | 40 kBProgress (4): 86/90 kB | 11 kB | 16 kB | 40 kBProgress (4): 88/90 kB | 11 kB | 16 kB | 40 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-dwr-plugin/6.0.0-RC3/struts2-dwr-plugin-6.0.0-RC3.jar (11 kB at 12 kB/s)
Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC3/struts2-portlet-tiles-plugin-6.0.0-RC3.jar (16 kB at 17 kB/s)
Progress (2): 90 kB | 40 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-tiles-plugin/6.0.0-RC3/struts2-tiles-plugin-6.0.0-RC3.jar (40 kB at 39 kB/s)
Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-plugin/6.0.0-RC3/struts2-portlet-plugin-6.0.0-RC3.jar (90 kB at 77 kB/s)
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 18 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.10.0:compile (default-compile) @ portlet ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 13 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/FormResultAction.java>: Some input files use or override a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/FormResultAction.java>: Recompile with -Xlint:deprecation for details.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/spring/ThingManager.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/spring/ThingManager.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/spring/ThingManager.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.10.0:testCompile (default-testCompile) @ portlet ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 3 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/test-classes>
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ portlet ---
[INFO] Surefire report directory: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/surefire-reports>
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Results :
Tests run: 0, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ portlet ---
[INFO] Packaging webapp
[INFO] Assembling webapp [portlet] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/portlet-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/webapp]>
[INFO] Webapp assembled in [261 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/portlet-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.5.1:check (default) @ portlet ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (61 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (12 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (1 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (4 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (18 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Portlet Webapp:
velocity-1.7.jar (pkg:maven/org.apache.velocity/velocity@1.7, cpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*) : CVE-2020-13936
velocity-tools-2.0.jar (pkg:maven/org.apache.velocity/velocity-tools@2.0, cpe:2.3:a:apache:velocity_tools:2.0:*:*:*:*:*:*:*) : CVE-2020-13959
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ SUCCESS [05:17 min]
[INFO] Action chaining .................................... SUCCESS [ 11.138 s]
[INFO] Annotations with Convention Plugin ................. SUCCESS [ 11.853 s]
[INFO] Basic Struts2 Example .............................. SUCCESS [ 7.154 s]
[INFO] Bean Validation .................................... SUCCESS [ 12.805 s]
[INFO] Struts 2 Blank Webapp .............................. SUCCESS [ 14.238 s]
[INFO] Coding Struts 2 Action ............................. SUCCESS [ 7.713 s]
[INFO] Control Tags ....................................... SUCCESS [ 7.503 s]
[INFO] CRUD Example ....................................... SUCCESS [ 6.806 s]
[INFO] Debugging Struts ................................... SUCCESS [ 14.480 s]
[INFO] Dynamic Url ........................................ SUCCESS [ 7.206 s]
[INFO] Exception handling ................................. SUCCESS [ 7.635 s]
[INFO] Exclude Parameters ................................. SUCCESS [ 8.028 s]
[INFO] File upload ........................................ SUCCESS [ 7.187 s]
[INFO] Form Processing .................................... SUCCESS [ 7.002 s]
[INFO] Form Tags .......................................... SUCCESS [ 6.938 s]
[INFO] Form validation .................................... SUCCESS [ 7.236 s]
[INFO] XML based form validation .......................... SUCCESS [ 6.855 s]
[INFO] Hello World Struts 2 Example Application ........... SUCCESS [ 7.143 s]
[INFO] Http Session ....................................... SUCCESS [ 7.430 s]
[INFO] Struts 2 Interceptors .............................. SUCCESS [ 7.187 s]
[INFO] JSON produce/consume ............................... SUCCESS [ 11.953 s]
[INFO] Customized JSON produce ............................ SUCCESS [ 10.813 s]
[INFO] Struts 2 Mail Reader Webapp ........................ SUCCESS [ 10.251 s]
[INFO] Message resource ................................... SUCCESS [ 7.223 s]
[INFO] Message Store ...................................... SUCCESS [ 7.265 s]
[INFO] Portlet Webapp ..................................... FAILURE [ 34.703 s]
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 09:37 min
[INFO] Finished at: 2022-04-01T22:08:48Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.5.1:check (default) on project portlet:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] velocity-1.7.jar: CVE-2020-13936
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :portlet
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-examples-dependency-check #66
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/66/display/redirect?page=changes>
Changes:
[github] Bump maven-compiler-plugin from 3.8.1 to 3.10.0
[Lukasz Lenart] Uses RC3 instead of RC1
[Lukasz Lenart] Upgrades Travis instance
[github] Bump quarkus-plugin.version from 2.2.1.Final to 2.7.4.Final
[github] Bump xercesImpl from 2.12.1 to 2.12.2
------------------------------------------
[...truncated 141.47 KB...]
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 2 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/classes>
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.10.0:testCompile (default-testCompile) @ message-store ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ message-store ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ message-store ---
[INFO] Packaging webapp
[INFO] Assembling webapp [message-store] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/message-store-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/src/main/webapp]>
[INFO] Webapp assembled in [20 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/message-store-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.5.1:check (default) @ message-store ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (79 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/dependency-check-report.html>
[INFO]
[INFO] ---------------------< org.apache.struts:portlet >----------------------
[INFO] Building Portlet Webapp 1.1.0 [27/44]
[INFO] --------------------------------[ war ]---------------------------------
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-spring-plugin/6.0.0-RC3/struts2-spring-plugin-6.0.0-RC3.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-spring-plugin/6.0.0-RC3/struts2-spring-plugin-6.0.0-RC3.pom
Progress (1): 3.7 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-spring-plugin/6.0.0-RC3/struts2-spring-plugin-6.0.0-RC3.pom (3.7 kB at 5.2 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-plugin/6.0.0-RC3/struts2-portlet-plugin-6.0.0-RC3.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-plugin/6.0.0-RC3/struts2-portlet-plugin-6.0.0-RC3.pom
Progress (1): 4.1/5.5 kBProgress (1): 5.5 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-plugin/6.0.0-RC3/struts2-portlet-plugin-6.0.0-RC3.pom (5.5 kB at 7.4 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-dwr-plugin/6.0.0-RC3/struts2-dwr-plugin-6.0.0-RC3.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-dwr-plugin/6.0.0-RC3/struts2-dwr-plugin-6.0.0-RC3.pom
Progress (1): 1.7 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-dwr-plugin/6.0.0-RC3/struts2-dwr-plugin-6.0.0-RC3.pom (1.7 kB at 2.4 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC3/struts2-portlet-tiles-plugin-6.0.0-RC3.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC3/struts2-portlet-tiles-plugin-6.0.0-RC3.pom
Progress (1): 2.5 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC3/struts2-portlet-tiles-plugin-6.0.0-RC3.pom (2.5 kB at 3.7 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-tiles-plugin/6.0.0-RC3/struts2-tiles-plugin-6.0.0-RC3.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-tiles-plugin/6.0.0-RC3/struts2-tiles-plugin-6.0.0-RC3.pom
Progress (1): 3.3 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-tiles-plugin/6.0.0-RC3/struts2-tiles-plugin-6.0.0-RC3.pom (3.3 kB at 4.9 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-spring-plugin/6.0.0-RC3/struts2-spring-plugin-6.0.0-RC3.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC3/struts2-portlet-tiles-plugin-6.0.0-RC3.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-dwr-plugin/6.0.0-RC3/struts2-dwr-plugin-6.0.0-RC3.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-plugin/6.0.0-RC3/struts2-portlet-plugin-6.0.0-RC3.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-tiles-plugin/6.0.0-RC3/struts2-tiles-plugin-6.0.0-RC3.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-spring-plugin/6.0.0-RC3/struts2-spring-plugin-6.0.0-RC3.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-plugin/6.0.0-RC3/struts2-portlet-plugin-6.0.0-RC3.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC3/struts2-portlet-tiles-plugin-6.0.0-RC3.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-dwr-plugin/6.0.0-RC3/struts2-dwr-plugin-6.0.0-RC3.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-tiles-plugin/6.0.0-RC3/struts2-tiles-plugin-6.0.0-RC3.jar
Progress (1): 4.1/11 kBProgress (1): 7.7/11 kBProgress (1): 8.2/11 kBProgress (1): 11 kB Progress (2): 11 kB | 4.1/90 kBProgress (2): 11 kB | 7.7/90 kBProgress (2): 11 kB | 8.2/90 kBProgress (3): 11 kB | 8.2/90 kB | 4.1/16 kBProgress (3): 11 kB | 8.2/90 kB | 7.7/16 kBProgress (3): 11 kB | 8.2/90 kB | 8.2/16 kBProgress (4): 11 kB | 8.2/90 kB | 8.2/16 kB | 4.1/40 kBProgress (4): 11 kB | 8.2/90 kB | 8.2/16 kB | 7.7/40 kBProgress (4): 11 kB | 8.2/90 kB | 8.2/16 kB | 8.2/40 kBProgress (5): 11 kB | 8.2/90 kB | 8.2/16 kB | 8.2/40 kB | 4.1/32 kBProgress (5): 11 kB | 8.2/90 kB | 8.2/16 kB | 8.2/40 kB | 7.7/32 kBProgress (5): 11 kB | 8.2/90 kB | 8.2/16 kB | 8.2/40 kB | 8.2/32 kBProgress (5): 11 kB | 8.2/90 kB | 12/16 kB | 8.2/40 kB | 8.2/32 kB Progress (5): 11 kB | 8.2/90 kB | 16/16 kB | 8.2/40 kB | 8.2/32 kBProgress (5): 11 kB | 8.2/90 kB | 16 kB | 8.2/40 kB | 8.2/32 kB Progress (5): 11 kB | 8.2/90 kB | 16 kB | 8.2/40 kB | 12/32 kB Progress (5): 11 kB | 8.2/90 kB | 16 kB | 8.2/40 kB | 16/32 kBProgress (5): 11 kB | 8.2/90 kB | 16 kB | 8.2/40 kB | 16/32 kBProgress (5): 11 kB | 8.2/90 kB | 16 kB | 12/40 kB | 16/32 kB Progress (5): 11 kB | 8.2/90 kB | 16 kB | 16/40 kB | 16/32 kBProgress (5): 11 kB | 8.2/90 kB | 16 kB | 16/40 kB | 16/32 kBProgress (5): 11 kB | 12/90 kB | 16 kB | 16/40 kB | 16/32 kB Progress (5): 11 kB | 16/90 kB | 16 kB | 16/40 kB | 16/32 kBProgress (5): 11 kB | 16/90 kB | 16 kB | 16/40 kB | 16/32 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-dwr-plugin/6.0.0-RC3/struts2-dwr-plugin-6.0.0-RC3.jar (11 kB at 16 kB/s)
Progress (4): 16/90 kB | 16 kB | 20/40 kB | 16/32 kBProgress (4): 16/90 kB | 16 kB | 24/40 kB | 16/32 kBProgress (4): 16/90 kB | 16 kB | 25/40 kB | 16/32 kBProgress (4): 16/90 kB | 16 kB | 29/40 kB | 16/32 kBProgress (4): 16/90 kB | 16 kB | 32/40 kB | 16/32 kBProgress (4): 16/90 kB | 16 kB | 33/40 kB | 16/32 kBProgress (4): 16/90 kB | 16 kB | 37/40 kB | 16/32 kBProgress (4): 16/90 kB | 16 kB | 40/40 kB | 16/32 kBProgress (4): 16/90 kB | 16 kB | 40/40 kB | 20/32 kBProgress (4): 16/90 kB | 16 kB | 40/40 kB | 24/32 kBProgress (4): 16/90 kB | 16 kB | 40/40 kB | 25/32 kBProgress (4): 16/90 kB | 16 kB | 40/40 kB | 29/32 kBProgress (4): 16/90 kB | 16 kB | 40/40 kB | 32/32 kBProgress (4): 16/90 kB | 16 kB | 40/40 kB | 32 kB Progress (4): 16/90 kB | 16 kB | 40 kB | 32 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC3/struts2-portlet-tiles-plugin-6.0.0-RC3.jar (16 kB at 19 kB/s)
Progress (3): 20/90 kB | 40 kB | 32 kBProgress (3): 24/90 kB | 40 kB | 32 kBProgress (3): 25/90 kB | 40 kB | 32 kBProgress (3): 29/90 kB | 40 kB | 32 kBProgress (3): 32/90 kB | 40 kB | 32 kBProgress (3): 33/90 kB | 40 kB | 32 kBProgress (3): 37/90 kB | 40 kB | 32 kBProgress (3): 40/90 kB | 40 kB | 32 kBProgress (3): 41/90 kB | 40 kB | 32 kBProgress (3): 45/90 kB | 40 kB | 32 kBProgress (3): 48/90 kB | 40 kB | 32 kBProgress (3): 49/90 kB | 40 kB | 32 kBProgress (3): 53/90 kB | 40 kB | 32 kBProgress (3): 56/90 kB | 40 kB | 32 kBProgress (3): 57/90 kB | 40 kB | 32 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-spring-plugin/6.0.0-RC3/struts2-spring-plugin-6.0.0-RC3.jar (32 kB at 35 kB/s)
Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-tiles-plugin/6.0.0-RC3/struts2-tiles-plugin-6.0.0-RC3.jar (40 kB at 41 kB/s)
Progress (1): 61/90 kBProgress (1): 64/90 kBProgress (1): 66/90 kBProgress (1): 70/90 kBProgress (1): 72/90 kBProgress (1): 74/90 kBProgress (1): 78/90 kBProgress (1): 80/90 kBProgress (1): 82/90 kBProgress (1): 86/90 kBProgress (1): 88/90 kBProgress (1): 90 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-plugin/6.0.0-RC3/struts2-portlet-plugin-6.0.0-RC3.jar (90 kB at 77 kB/s)
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 18 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.10.0:compile (default-compile) @ portlet ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 13 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/eventing/PublishAction.java>: Some input files use or override a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/eventing/PublishAction.java>: Recompile with -Xlint:deprecation for details.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/spring/ThingManager.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/spring/ThingManager.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/spring/ThingManager.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.10.0:testCompile (default-testCompile) @ portlet ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 3 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/test-classes>
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ portlet ---
[INFO] Surefire report directory: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/surefire-reports>
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Results :
Tests run: 0, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ portlet ---
[INFO] Packaging webapp
[INFO] Assembling webapp [portlet] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/portlet-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/webapp]>
[INFO] Webapp assembled in [115 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/portlet-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.5.1:check (default) @ portlet ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (61 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (8 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (2 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (11 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Portlet Webapp:
velocity-1.7.jar (pkg:maven/org.apache.velocity/velocity@1.7, cpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*) : CVE-2020-13936
velocity-tools-2.0.jar (pkg:maven/org.apache.velocity/velocity-tools@2.0, cpe:2.3:a:apache:velocity_tools:2.0:*:*:*:*:*:*:*) : CVE-2020-13959
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ SUCCESS [ 50.102 s]
[INFO] Action chaining .................................... SUCCESS [ 7.722 s]
[INFO] Annotations with Convention Plugin ................. SUCCESS [ 9.567 s]
[INFO] Basic Struts2 Example .............................. SUCCESS [ 4.378 s]
[INFO] Bean Validation .................................... SUCCESS [ 8.491 s]
[INFO] Struts 2 Blank Webapp .............................. SUCCESS [ 9.623 s]
[INFO] Coding Struts 2 Action ............................. SUCCESS [ 4.870 s]
[INFO] Control Tags ....................................... SUCCESS [ 5.136 s]
[INFO] CRUD Example ....................................... SUCCESS [ 4.650 s]
[INFO] Debugging Struts ................................... SUCCESS [ 10.685 s]
[INFO] Dynamic Url ........................................ SUCCESS [ 4.907 s]
[INFO] Exception handling ................................. SUCCESS [ 4.501 s]
[INFO] Exclude Parameters ................................. SUCCESS [ 4.751 s]
[INFO] File upload ........................................ SUCCESS [ 4.804 s]
[INFO] Form Processing .................................... SUCCESS [ 4.509 s]
[INFO] Form Tags .......................................... SUCCESS [ 4.722 s]
[INFO] Form validation .................................... SUCCESS [ 4.344 s]
[INFO] XML based form validation .......................... SUCCESS [ 4.470 s]
[INFO] Hello World Struts 2 Example Application ........... SUCCESS [ 4.608 s]
[INFO] Http Session ....................................... SUCCESS [ 4.334 s]
[INFO] Struts 2 Interceptors .............................. SUCCESS [ 4.439 s]
[INFO] JSON produce/consume ............................... SUCCESS [ 8.705 s]
[INFO] Customized JSON produce ............................ SUCCESS [ 6.595 s]
[INFO] Struts 2 Mail Reader Webapp ........................ SUCCESS [ 6.489 s]
[INFO] Message resource ................................... SUCCESS [ 4.746 s]
[INFO] Message Store ...................................... SUCCESS [ 4.296 s]
[INFO] Portlet Webapp ..................................... FAILURE [ 22.232 s]
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 03:42 min
[INFO] Finished at: 2022-03-29T22:02:52Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.5.1:check (default) on project portlet:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] velocity-1.7.jar: CVE-2020-13936
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :portlet
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-examples-dependency-check #65
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/65/display/redirect>
Changes:
------------------------------------------
Started by timer
Running as SYSTEM
[EnvInject] - Loading node environment variables.
Building remotely on builds42 (ubuntu) in workspace <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/>
The recommended git tool is: NONE
No credentials specified
Cloning the remote Git repository
Cloning repository https://gitbox.apache.org/repos/asf/struts-examples.git
> git init <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/> # timeout=10
Fetching upstream changes from https://gitbox.apache.org/repos/asf/struts-examples.git
> git --version # timeout=10
> git --version # 'git version 2.17.1'
> git fetch --tags --progress -- https://gitbox.apache.org/repos/asf/struts-examples.git +refs/heads/*:refs/remotes/origin/* # timeout=10
> git config remote.origin.url https://gitbox.apache.org/repos/asf/struts-examples.git # timeout=10
> git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10
Avoid second fetch
> git rev-parse refs/remotes/origin/master^{commit} # timeout=10
Checking out Revision 10cacf5d0cdd8da2e4d36ce1929c146ddfa17a81 (refs/remotes/origin/master)
> git config core.sparsecheckout # timeout=10
> git checkout -f 10cacf5d0cdd8da2e4d36ce1929c146ddfa17a81 # timeout=10
Commit message: "Upgrades Log4j to version 2.17.1"
> git rev-list --no-walk 10cacf5d0cdd8da2e4d36ce1929c146ddfa17a81 # timeout=10
ERROR: No tool found matching MAVEN_3_LATEST__HOME
[Struts-examples-dependency-check] $ /bin/sh -xe /tmp/jenkins911442016176160333.sh
+ export MAVEN_OPTS=-Xms2g -Xmx2g -XX:MaxPermSize=512m -XX:+CMSClassUnloadingEnabled
+ export PATH=:/home/jenkins/tools/java/latest11/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
+ ./mvnw verify -Pdependency-check
Java HotSpot(TM) 64-Bit Server VM warning: Ignoring option MaxPermSize; support was removed in 8.0
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for org.apache.struts:portlet:war:1.1.0
[WARNING] 'build.plugins.plugin.version' for org.apache.maven.plugins:maven-surefire-plugin is missing. @ org.apache.struts:portlet:[unknown-version], <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/pom.xml,> line 179, column 21
[WARNING]
[WARNING] Some problems were encountered while building the effective model for org.apache.struts:rest-angular:war:1.1.0
[WARNING] 'build.plugins.plugin.version' for com.cj.jshintmojo:jshint-maven-plugin is missing. @ org.apache.struts:rest-angular:[unknown-version], <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/rest-angular/pom.xml,> line 122, column 21
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Struts 2 Examples [pom]
[INFO] Action chaining [war]
[INFO] Annotations with Convention Plugin [war]
[INFO] Basic Struts2 Example [war]
[INFO] Bean Validation [war]
[INFO] Struts 2 Blank Webapp [war]
[INFO] Coding Struts 2 Action [war]
[INFO] Control Tags [war]
[INFO] CRUD Example [war]
[INFO] Debugging Struts [war]
[INFO] Dynamic Url [war]
[INFO] Exception handling [war]
[INFO] Exclude Parameters [war]
[INFO] File upload [war]
[INFO] Form Processing [war]
[INFO] Form Tags [war]
[INFO] Form validation [war]
[INFO] XML based form validation [war]
[INFO] Hello World Struts 2 Example Application [war]
[INFO] Http Session [war]
[INFO] Struts 2 Interceptors [war]
[INFO] JSON produce/consume [war]
[INFO] Customized JSON produce [war]
[INFO] Struts 2 Mail Reader Webapp [war]
[INFO] Message resource [war]
[INFO] Message Store [war]
[INFO] Portlet Webapp [war]
[INFO] Preparable Interface [war]
[INFO] Struts 2 Quarkus [jar]
[INFO] REST to Action Mapper Example Application [war]
[INFO] REST Plugin based application with AngularJS [war]
[INFO] Struts2 with Basic Shiro Security Integration [war]
[INFO] Struts2 with Spring Integration [war]
[INFO] Custom TextProvider [war]
[INFO] Struts Tiles Example [war]
[INFO] Struts 2 Themes [war]
[INFO] Struts 2 Themes Override [war]
[INFO] Type Conversion [war]
[INFO] Unit Testing [war]
[INFO] Unknown handler [war]
[INFO] Using Struts 2 Tags [war]
[INFO] validation-messages [war]
[INFO] Wildcard Method Selection [war]
[INFO] Wildcard RegEx pattern matching [war]
[INFO]
[INFO] -----------------< org.apache.struts:struts-examples >------------------
[INFO] Building Struts 2 Examples 1.1.0 [1/44]
[INFO] --------------------------------[ pom ]---------------------------------
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-core/6.0.0-RC1/struts2-core-6.0.0-RC1.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-core/6.0.0-RC1/struts2-core-6.0.0-RC1.pom
Downloading from apache-snapshots: https://repository.apache.org/content/groups/snapshots/org/apache/struts/struts2-core/6.0.0-RC1/struts2-core-6.0.0-RC1.pom
Downloading from oss-snapshots: https://oss.sonatype.org/content/repositories/snapshots/org/apache/struts/struts2-core/6.0.0-RC1/struts2-core-6.0.0-RC1.pom
Downloading from central: https://repo.maven.apache.org/maven2/org/apache/struts/struts2-core/6.0.0-RC1/struts2-core-6.0.0-RC1.pom
[WARNING] The POM for org.apache.struts:struts2-core:jar:6.0.0-RC1 is missing, no dependency information available
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-core/6.0.0-RC1/struts2-core-6.0.0-RC1.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-core/6.0.0-RC1/struts2-core-6.0.0-RC1.jar
Downloading from apache-snapshots: https://repository.apache.org/content/groups/snapshots/org/apache/struts/struts2-core/6.0.0-RC1/struts2-core-6.0.0-RC1.jar
Downloading from oss-snapshots: https://oss.sonatype.org/content/repositories/snapshots/org/apache/struts/struts2-core/6.0.0-RC1/struts2-core-6.0.0-RC1.jar
Downloading from central: https://repo.maven.apache.org/maven2/org/apache/struts/struts2-core/6.0.0-RC1/struts2-core-6.0.0-RC1.jar
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ FAILURE [ 4.225 s]
[INFO] Action chaining .................................... SKIPPED
[INFO] Annotations with Convention Plugin ................. SKIPPED
[INFO] Basic Struts2 Example .............................. SKIPPED
[INFO] Bean Validation .................................... SKIPPED
[INFO] Struts 2 Blank Webapp .............................. SKIPPED
[INFO] Coding Struts 2 Action ............................. SKIPPED
[INFO] Control Tags ....................................... SKIPPED
[INFO] CRUD Example ....................................... SKIPPED
[INFO] Debugging Struts ................................... SKIPPED
[INFO] Dynamic Url ........................................ SKIPPED
[INFO] Exception handling ................................. SKIPPED
[INFO] Exclude Parameters ................................. SKIPPED
[INFO] File upload ........................................ SKIPPED
[INFO] Form Processing .................................... SKIPPED
[INFO] Form Tags .......................................... SKIPPED
[INFO] Form validation .................................... SKIPPED
[INFO] XML based form validation .......................... SKIPPED
[INFO] Hello World Struts 2 Example Application ........... SKIPPED
[INFO] Http Session ....................................... SKIPPED
[INFO] Struts 2 Interceptors .............................. SKIPPED
[INFO] JSON produce/consume ............................... SKIPPED
[INFO] Customized JSON produce ............................ SKIPPED
[INFO] Struts 2 Mail Reader Webapp ........................ SKIPPED
[INFO] Message resource ................................... SKIPPED
[INFO] Message Store ...................................... SKIPPED
[INFO] Portlet Webapp ..................................... SKIPPED
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 4.995 s
[INFO] Finished at: 2022-03-01T21:59:15Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project struts-examples: Could not resolve dependencies for project org.apache.struts:struts-examples:pom:1.1.0: Could not find artifact org.apache.struts:struts2-core:jar:6.0.0-RC1 in apache-public (https://repository.apache.org/content/groups/public/) -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-examples-dependency-check #64
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/64/display/redirect>
Changes:
------------------------------------------
[...truncated 253.53 KB...]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (4 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-resource/target/dependency-check-report.html>
[INFO]
[INFO] ------------------< org.apache.struts:message-store >-------------------
[INFO] Building Message Store 1.1.0 [26/44]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ message-store ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ message-store ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ message-store ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ message-store ---
[INFO] Packaging webapp
[INFO] Assembling webapp [message-store] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/message-store-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/src/main/webapp]>
[INFO] Webapp assembled in [108 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/message-store-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.5.1:check (default) @ message-store ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (64 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (4 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/dependency-check-report.html>
[INFO]
[INFO] ---------------------< org.apache.struts:portlet >----------------------
[INFO] Building Portlet Webapp 1.1.0 [27/44]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 18 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ portlet ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ portlet ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ portlet ---
[INFO] Surefire report directory: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/surefire-reports>
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Results :
Tests run: 0, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ portlet ---
[INFO] Packaging webapp
[INFO] Assembling webapp [portlet] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/portlet-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/webapp]>
[INFO] Webapp assembled in [581 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/portlet-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.5.1:check (default) @ portlet ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (56 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (13 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (1 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (2 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (17 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Portlet Webapp:
velocity-1.7.jar (pkg:maven/org.apache.velocity/velocity@1.7, cpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*) : CVE-2020-13936
velocity-tools-2.0.jar (pkg:maven/org.apache.velocity/velocity-tools@2.0, cpe:2.3:a:apache:velocity_tools:2.0:*:*:*:*:*:*:*) : CVE-2020-13959
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ SUCCESS [01:15 min]
[INFO] Action chaining .................................... SUCCESS [ 9.880 s]
[INFO] Annotations with Convention Plugin ................. SUCCESS [ 8.305 s]
[INFO] Basic Struts2 Example .............................. SUCCESS [ 8.100 s]
[INFO] Bean Validation .................................... SUCCESS [ 17.205 s]
[INFO] Struts 2 Blank Webapp .............................. SUCCESS [ 12.875 s]
[INFO] Coding Struts 2 Action ............................. SUCCESS [ 7.597 s]
[INFO] Control Tags ....................................... SUCCESS [ 7.587 s]
[INFO] CRUD Example ....................................... SUCCESS [ 7.610 s]
[INFO] Debugging Struts ................................... SUCCESS [ 14.650 s]
[INFO] Dynamic Url ........................................ SUCCESS [ 6.861 s]
[INFO] Exception handling ................................. SUCCESS [ 8.102 s]
[INFO] Exclude Parameters ................................. SUCCESS [ 7.574 s]
[INFO] File upload ........................................ SUCCESS [ 7.918 s]
[INFO] Form Processing .................................... SUCCESS [ 8.036 s]
[INFO] Form Tags .......................................... SUCCESS [ 7.122 s]
[INFO] Form validation .................................... SUCCESS [ 7.219 s]
[INFO] XML based form validation .......................... SUCCESS [ 7.919 s]
[INFO] Hello World Struts 2 Example Application ........... SUCCESS [ 7.878 s]
[INFO] Http Session ....................................... SUCCESS [ 7.493 s]
[INFO] Struts 2 Interceptors .............................. SUCCESS [ 6.976 s]
[INFO] JSON produce/consume ............................... SUCCESS [ 9.893 s]
[INFO] Customized JSON produce ............................ SUCCESS [ 10.020 s]
[INFO] Struts 2 Mail Reader Webapp ........................ SUCCESS [ 11.214 s]
[INFO] Message resource ................................... SUCCESS [ 7.405 s]
[INFO] Message Store ...................................... SUCCESS [ 7.040 s]
[INFO] Portlet Webapp ..................................... FAILURE [ 26.126 s]
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:25 min
[INFO] Finished at: 2022-02-01T22:04:35Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.5.1:check (default) on project portlet:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] velocity-1.7.jar: CVE-2020-13936
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :portlet
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-examples-dependency-check #63
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/63/display/redirect>
Changes:
------------------------------------------
[...truncated 253.49 KB...]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (4 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-resource/target/dependency-check-report.html>
[INFO]
[INFO] ------------------< org.apache.struts:message-store >-------------------
[INFO] Building Message Store 1.1.0 [26/44]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ message-store ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ message-store ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ message-store ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ message-store ---
[INFO] Packaging webapp
[INFO] Assembling webapp [message-store] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/message-store-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/src/main/webapp]>
[INFO] Webapp assembled in [77 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/message-store-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.5.1:check (default) @ message-store ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (61 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (4 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/dependency-check-report.html>
[INFO]
[INFO] ---------------------< org.apache.struts:portlet >----------------------
[INFO] Building Portlet Webapp 1.1.0 [27/44]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 18 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ portlet ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ portlet ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ portlet ---
[INFO] Surefire report directory: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/surefire-reports>
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Results :
Tests run: 0, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ portlet ---
[INFO] Packaging webapp
[INFO] Assembling webapp [portlet] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/portlet-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/webapp]>
[INFO] Webapp assembled in [535 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/portlet-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.5.1:check (default) @ portlet ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (61 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (11 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (6 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (3 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (22 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Portlet Webapp:
velocity-1.7.jar (pkg:maven/org.apache.velocity/velocity@1.7, cpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*) : CVE-2020-13936
velocity-tools-2.0.jar (pkg:maven/org.apache.velocity/velocity-tools@2.0, cpe:2.3:a:apache:velocity_tools:2.0:*:*:*:*:*:*:*) : CVE-2020-13959
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ SUCCESS [01:11 min]
[INFO] Action chaining .................................... SUCCESS [ 9.917 s]
[INFO] Annotations with Convention Plugin ................. SUCCESS [ 8.780 s]
[INFO] Basic Struts2 Example .............................. SUCCESS [ 7.639 s]
[INFO] Bean Validation .................................... SUCCESS [ 9.430 s]
[INFO] Struts 2 Blank Webapp .............................. SUCCESS [ 12.677 s]
[INFO] Coding Struts 2 Action ............................. SUCCESS [ 7.441 s]
[INFO] Control Tags ....................................... SUCCESS [ 7.420 s]
[INFO] CRUD Example ....................................... SUCCESS [ 8.071 s]
[INFO] Debugging Struts ................................... SUCCESS [ 10.868 s]
[INFO] Dynamic Url ........................................ SUCCESS [ 7.330 s]
[INFO] Exception handling ................................. SUCCESS [ 7.792 s]
[INFO] Exclude Parameters ................................. SUCCESS [ 7.224 s]
[INFO] File upload ........................................ SUCCESS [ 7.803 s]
[INFO] Form Processing .................................... SUCCESS [ 6.687 s]
[INFO] Form Tags .......................................... SUCCESS [ 7.879 s]
[INFO] Form validation .................................... SUCCESS [ 7.920 s]
[INFO] XML based form validation .......................... SUCCESS [ 7.365 s]
[INFO] Hello World Struts 2 Example Application ........... SUCCESS [ 7.956 s]
[INFO] Http Session ....................................... SUCCESS [ 7.646 s]
[INFO] Struts 2 Interceptors .............................. SUCCESS [ 7.850 s]
[INFO] JSON produce/consume ............................... SUCCESS [ 11.046 s]
[INFO] Customized JSON produce ............................ SUCCESS [ 10.448 s]
[INFO] Struts 2 Mail Reader Webapp ........................ SUCCESS [ 9.850 s]
[INFO] Message resource ................................... SUCCESS [ 7.140 s]
[INFO] Message Store ...................................... SUCCESS [ 7.117 s]
[INFO] Portlet Webapp ..................................... FAILURE [ 30.260 s]
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:14 min
[INFO] Finished at: 2022-01-29T22:04:23Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.5.1:check (default) on project portlet:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] velocity-1.7.jar: CVE-2020-13936
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :portlet
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-examples-dependency-check #62
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/62/display/redirect?page=changes>
Changes:
[Lukasz Lenart] Upgrades Log4j to version 2.17.1
------------------------------------------
[...truncated 233.67 KB...]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ http-session ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/http-session/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ http-session ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ http-session ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ http-session ---
[INFO] Packaging webapp
[INFO] Assembling webapp [http-session] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/http-session/target/http-session]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/http-session/src/main/webapp]>
[INFO] Webapp assembled in [55 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/http-session/target/http-session.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.5.1:check (default) @ http-session ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (58 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (4 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/http-session/target/dependency-check-report.html>
[INFO]
[INFO] -------------------< org.apache.struts:interceptors >-------------------
[INFO] Building Struts 2 Interceptors 1.1.0 [21/44]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ interceptors ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 2 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ interceptors ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ interceptors ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/interceptors/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ interceptors ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ interceptors ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ interceptors ---
[INFO] Packaging webapp
[INFO] Assembling webapp [interceptors] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/interceptors/target/interceptors]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/interceptors/src/main/webapp]>
[INFO] Webapp assembled in [62 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/interceptors/target/interceptors.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.5.1:check (default) @ interceptors ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (56 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (5 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/interceptors/target/dependency-check-report.html>
[INFO]
[INFO] -----------------------< org.apache.struts:json >-----------------------
[INFO] Building JSON produce/consume 1.1.0 [22/44]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ json ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 2 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ json ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ json ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/json/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ json ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ json ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ json ---
[INFO] Packaging webapp
[INFO] Assembling webapp [json] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/json/target/json-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/json/src/main/webapp]>
[INFO] Webapp assembled in [68 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/json/target/json-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.5.1:check (default) @ json ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (63 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (6 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[WARNING] An error occurred while analyzing '/home/jenkins/.m2/repository/org/apache/struts/struts2-config-browser-plugin/6.0.0-RC1/struts2-config-browser-plugin-6.0.0-RC1.jar' (Sonatype OSS Index Analyzer).
[INFO] Finished Sonatype OSS Index Analyzer (60 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (67 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/json/target/dependency-check-report.html>
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ SUCCESS [01:13 min]
[INFO] Action chaining .................................... SUCCESS [ 10.536 s]
[INFO] Annotations with Convention Plugin ................. SUCCESS [ 8.217 s]
[INFO] Basic Struts2 Example .............................. SUCCESS [ 7.765 s]
[INFO] Bean Validation .................................... SUCCESS [ 9.074 s]
[INFO] Struts 2 Blank Webapp .............................. SUCCESS [ 11.580 s]
[INFO] Coding Struts 2 Action ............................. SUCCESS [ 7.320 s]
[INFO] Control Tags ....................................... SUCCESS [ 7.339 s]
[INFO] CRUD Example ....................................... SUCCESS [ 7.779 s]
[INFO] Debugging Struts ................................... SUCCESS [ 10.072 s]
[INFO] Dynamic Url ........................................ SUCCESS [ 7.024 s]
[INFO] Exception handling ................................. SUCCESS [ 8.001 s]
[INFO] Exclude Parameters ................................. SUCCESS [ 7.545 s]
[INFO] File upload ........................................ SUCCESS [ 7.150 s]
[INFO] Form Processing .................................... SUCCESS [ 7.524 s]
[INFO] Form Tags .......................................... SUCCESS [ 7.357 s]
[INFO] Form validation .................................... SUCCESS [ 7.180 s]
[INFO] XML based form validation .......................... SUCCESS [ 7.619 s]
[INFO] Hello World Struts 2 Example Application ........... SUCCESS [ 6.933 s]
[INFO] Http Session ....................................... SUCCESS [ 7.277 s]
[INFO] Struts 2 Interceptors .............................. SUCCESS [ 7.566 s]
[INFO] JSON produce/consume ............................... FAILURE [01:09 min]
[INFO] Customized JSON produce ............................ SKIPPED
[INFO] Struts 2 Mail Reader Webapp ........................ SKIPPED
[INFO] Message resource ................................... SKIPPED
[INFO] Message Store ...................................... SKIPPED
[INFO] Portlet Webapp ..................................... SKIPPED
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:04 min
[INFO] Finished at: 2022-01-01T22:04:15Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.5.1:check (default) on project json: One or more exceptions occurred during dependency-check analysis: One or more exceptions occurred during analysis:
[ERROR] AnalysisException: Failed to request component-reports
[ERROR] caused by TransportException: Unexpected response; status: 504
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :json
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-examples-dependency-check #61
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/61/display/redirect?page=changes>
Changes:
[Lukasz Lenart] Upgrades to Struts 6.0.0-RC1
[github] log4j 2.17.0
[github] Bump dependency-check-maven from 6.4.1 to 6.5.1
[Lukasz Lenart] Adds simple example with dynamic href
[chil] Add prefilled age and save age in memory after form submit
------------------------------------------
[...truncated 301.67 KB...]
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ message-store ---
[INFO] Packaging webapp
[INFO] Assembling webapp [message-store] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/message-store-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/src/main/webapp]>
[INFO] Webapp assembled in [40 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/message-store-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.5.1:check (default) @ message-store ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (59 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (4 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Message Store:
log4j-core-2.17.0.jar (pkg:maven/org.apache.logging.log4j/log4j-core@2.17.0, cpe:2.3:a:apache:log4j:2.17.0:*:*:*:*:*:*:*) : CVE-2021-44832
See the dependency-check report for more details.
[INFO]
[INFO] ---------------------< org.apache.struts:portlet >----------------------
[INFO] Building Portlet Webapp 1.1.0 [27/44]
[INFO] --------------------------------[ war ]---------------------------------
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-spring-plugin/6.0.0-RC1/struts2-spring-plugin-6.0.0-RC1.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-spring-plugin/6.0.0-RC1/struts2-spring-plugin-6.0.0-RC1.pom
Progress (1): 3.7 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-spring-plugin/6.0.0-RC1/struts2-spring-plugin-6.0.0-RC1.pom (3.7 kB at 5.4 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-plugin/6.0.0-RC1/struts2-portlet-plugin-6.0.0-RC1.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-plugin/6.0.0-RC1/struts2-portlet-plugin-6.0.0-RC1.pom
Progress (1): 4.1/5.5 kBProgress (1): 5.5 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-plugin/6.0.0-RC1/struts2-portlet-plugin-6.0.0-RC1.pom (5.5 kB at 6.9 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-dwr-plugin/6.0.0-RC1/struts2-dwr-plugin-6.0.0-RC1.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-dwr-plugin/6.0.0-RC1/struts2-dwr-plugin-6.0.0-RC1.pom
Progress (1): 1.7 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-dwr-plugin/6.0.0-RC1/struts2-dwr-plugin-6.0.0-RC1.pom (1.7 kB at 2.5 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC1/struts2-portlet-tiles-plugin-6.0.0-RC1.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC1/struts2-portlet-tiles-plugin-6.0.0-RC1.pom
Progress (1): 2.5 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC1/struts2-portlet-tiles-plugin-6.0.0-RC1.pom (2.5 kB at 3.5 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-tiles-plugin/6.0.0-RC1/struts2-tiles-plugin-6.0.0-RC1.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-tiles-plugin/6.0.0-RC1/struts2-tiles-plugin-6.0.0-RC1.pom
Progress (1): 3.3 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-tiles-plugin/6.0.0-RC1/struts2-tiles-plugin-6.0.0-RC1.pom (3.3 kB at 4.8 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-spring-plugin/6.0.0-RC1/struts2-spring-plugin-6.0.0-RC1.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC1/struts2-portlet-tiles-plugin-6.0.0-RC1.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-dwr-plugin/6.0.0-RC1/struts2-dwr-plugin-6.0.0-RC1.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-plugin/6.0.0-RC1/struts2-portlet-plugin-6.0.0-RC1.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-tiles-plugin/6.0.0-RC1/struts2-tiles-plugin-6.0.0-RC1.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-spring-plugin/6.0.0-RC1/struts2-spring-plugin-6.0.0-RC1.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-dwr-plugin/6.0.0-RC1/struts2-dwr-plugin-6.0.0-RC1.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-tiles-plugin/6.0.0-RC1/struts2-tiles-plugin-6.0.0-RC1.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-plugin/6.0.0-RC1/struts2-portlet-plugin-6.0.0-RC1.jar
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC1/struts2-portlet-tiles-plugin-6.0.0-RC1.jar
Progress (1): 4.1/11 kBProgress (1): 7.7/11 kBProgress (1): 8.2/11 kBProgress (1): 11 kB Progress (2): 11 kB | 4.1/90 kBProgress (2): 11 kB | 7.7/90 kBProgress (2): 11 kB | 8.2/90 kBProgress (3): 11 kB | 8.2/90 kB | 4.1/32 kBProgress (3): 11 kB | 8.2/90 kB | 7.7/32 kBProgress (3): 11 kB | 8.2/90 kB | 8.2/32 kBProgress (4): 11 kB | 8.2/90 kB | 8.2/32 kB | 4.1/16 kBProgress (4): 11 kB | 8.2/90 kB | 8.2/32 kB | 7.7/16 kBProgress (5): 11 kB | 8.2/90 kB | 8.2/32 kB | 7.7/16 kB | 4.1/40 kBProgress (5): 11 kB | 8.2/90 kB | 8.2/32 kB | 8.2/16 kB | 4.1/40 kBProgress (5): 11 kB | 8.2/90 kB | 8.2/32 kB | 8.2/16 kB | 7.7/40 kBProgress (5): 11 kB | 8.2/90 kB | 8.2/32 kB | 8.2/16 kB | 8.2/40 kBProgress (5): 11 kB | 12/90 kB | 8.2/32 kB | 8.2/16 kB | 8.2/40 kB Progress (5): 11 kB | 16/90 kB | 8.2/32 kB | 8.2/16 kB | 8.2/40 kBProgress (5): 11 kB | 16/90 kB | 8.2/32 kB | 12/16 kB | 8.2/40 kB Progress (5): 11 kB | 16/90 kB | 8.2/32 kB | 12/16 kB | 12/40 kB Progress (5): 11 kB | 16/90 kB | 8.2/32 kB | 16/16 kB | 12/40 kBProgress (5): 11 kB | 16/90 kB | 12/32 kB | 16/16 kB | 12/40 kB Progress (5): 11 kB | 16/90 kB | 12/32 kB | 16/16 kB | 16/40 kBProgress (5): 11 kB | 16/90 kB | 16/32 kB | 16/16 kB | 16/40 kBProgress (5): 11 kB | 16/90 kB | 16/32 kB | 16 kB | 16/40 kB Progress (5): 11 kB | 16/90 kB | 16/32 kB | 16 kB | 16/40 kBProgress (5): 11 kB | 16/90 kB | 16/32 kB | 16 kB | 16/40 kBProgress (5): 11 kB | 16/90 kB | 16/32 kB | 16 kB | 16/40 kBProgress (5): 11 kB | 20/90 kB | 16/32 kB | 16 kB | 16/40 kBProgress (5): 11 kB | 24/90 kB | 16/32 kB | 16 kB | 16/40 kBProgress (5): 11 kB | 25/90 kB | 16/32 kB | 16 kB | 16/40 kBProgress (5): 11 kB | 25/90 kB | 20/32 kB | 16 kB | 16/40 kBProgress (5): 11 kB | 29/90 kB | 20/32 kB | 16 kB | 16/40 kBProgress (5): 11 kB | 29/90 kB | 24/32 kB | 16 kB | 16/40 kBProgress (5): 11 kB | 32/90 kB | 24/32 kB | 16 kB | 16/40 kBProgress (5): 11 kB | 32/90 kB | 25/32 kB | 16 kB | 16/40 kBProgress (5): 11 kB | 33/90 kB | 25/32 kB | 16 kB | 16/40 kBProgress (5): 11 kB | 33/90 kB | 29/32 kB | 16 kB | 16/40 kBProgress (5): 11 kB | 33/90 kB | 32/32 kB | 16 kB | 16/40 kBProgress (5): 11 kB | 33/90 kB | 32 kB | 16 kB | 16/40 kB Progress (5): 11 kB | 33/90 kB | 32 kB | 16 kB | 20/40 kBProgress (5): 11 kB | 33/90 kB | 32 kB | 16 kB | 24/40 kBProgress (5): 11 kB | 33/90 kB | 32 kB | 16 kB | 25/40 kBProgress (5): 11 kB | 33/90 kB | 32 kB | 16 kB | 29/40 kBProgress (5): 11 kB | 33/90 kB | 32 kB | 16 kB | 32/40 kBProgress (5): 11 kB | 33/90 kB | 32 kB | 16 kB | 33/40 kBProgress (5): 11 kB | 33/90 kB | 32 kB | 16 kB | 37/40 kBProgress (5): 11 kB | 33/90 kB | 32 kB | 16 kB | 40 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-dwr-plugin/6.0.0-RC1/struts2-dwr-plugin-6.0.0-RC1.jar (11 kB at 16 kB/s)
Progress (4): 37/90 kB | 32 kB | 16 kB | 40 kBProgress (4): 41/90 kB | 32 kB | 16 kB | 40 kBProgress (4): 41/90 kB | 32 kB | 16 kB | 40 kBProgress (4): 45/90 kB | 32 kB | 16 kB | 40 kBProgress (4): 49/90 kB | 32 kB | 16 kB | 40 kBProgress (4): 49/90 kB | 32 kB | 16 kB | 40 kBProgress (4): 53/90 kB | 32 kB | 16 kB | 40 kBProgress (4): 57/90 kB | 32 kB | 16 kB | 40 kBProgress (4): 57/90 kB | 32 kB | 16 kB | 40 kBProgress (4): 61/90 kB | 32 kB | 16 kB | 40 kBProgress (4): 65/90 kB | 32 kB | 16 kB | 40 kBProgress (4): 66/90 kB | 32 kB | 16 kB | 40 kBProgress (4): 70/90 kB | 32 kB | 16 kB | 40 kBProgress (4): 73/90 kB | 32 kB | 16 kB | 40 kBProgress (4): 74/90 kB | 32 kB | 16 kB | 40 kBProgress (4): 78/90 kB | 32 kB | 16 kB | 40 kBProgress (4): 81/90 kB | 32 kB | 16 kB | 40 kBProgress (4): 82/90 kB | 32 kB | 16 kB | 40 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-tiles-plugin/6.0.0-RC1/struts2-portlet-tiles-plugin-6.0.0-RC1.jar (16 kB at 19 kB/s)
Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-spring-plugin/6.0.0-RC1/struts2-spring-plugin-6.0.0-RC1.jar (32 kB at 37 kB/s)
Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-tiles-plugin/6.0.0-RC1/struts2-tiles-plugin-6.0.0-RC1.jar (40 kB at 46 kB/s)
Progress (1): 86/90 kBProgress (1): 89/90 kBProgress (1): 90 kB Downloaded from apache-staging: https://repository.apache.org/content/groups/staging/org/apache/struts/struts2-portlet-plugin/6.0.0-RC1/struts2-portlet-plugin-6.0.0-RC1.jar (90 kB at 78 kB/s)
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 18 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ portlet ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 13 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/FormResultAction.java>: Some input files use or override a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/FormResultAction.java>: Recompile with -Xlint:deprecation for details.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/spring/ThingManager.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/spring/ThingManager.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/spring/ThingManager.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ portlet ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 3 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/test-classes>
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ portlet ---
[INFO] Surefire report directory: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/surefire-reports>
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Results :
Tests run: 0, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ portlet ---
[INFO] Packaging webapp
[INFO] Assembling webapp [portlet] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/portlet-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/webapp]>
[INFO] Webapp assembled in [201 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/portlet-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.5.1:check (default) @ portlet ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (61 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (12 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (1 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (2 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (16 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Portlet Webapp:
log4j-core-2.17.0.jar (pkg:maven/org.apache.logging.log4j/log4j-core@2.17.0, cpe:2.3:a:apache:log4j:2.17.0:*:*:*:*:*:*:*) : CVE-2021-44832
velocity-1.7.jar (pkg:maven/org.apache.velocity/velocity@1.7, cpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*) : CVE-2020-13936
velocity-tools-2.0.jar (pkg:maven/org.apache.velocity/velocity-tools@2.0, cpe:2.3:a:apache:velocity_tools:2.0:*:*:*:*:*:*:*) : CVE-2020-13959
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ SUCCESS [01:15 min]
[INFO] Action chaining .................................... SUCCESS [ 11.659 s]
[INFO] Annotations with Convention Plugin ................. SUCCESS [ 11.798 s]
[INFO] Basic Struts2 Example .............................. SUCCESS [ 6.787 s]
[INFO] Bean Validation .................................... SUCCESS [ 11.948 s]
[INFO] Struts 2 Blank Webapp .............................. SUCCESS [ 13.749 s]
[INFO] Coding Struts 2 Action ............................. SUCCESS [ 7.299 s]
[INFO] Control Tags ....................................... SUCCESS [ 7.269 s]
[INFO] CRUD Example ....................................... SUCCESS [ 7.586 s]
[INFO] Debugging Struts ................................... SUCCESS [ 14.595 s]
[INFO] Dynamic Url ........................................ SUCCESS [ 7.516 s]
[INFO] Exception handling ................................. SUCCESS [ 7.100 s]
[INFO] Exclude Parameters ................................. SUCCESS [ 6.761 s]
[INFO] File upload ........................................ SUCCESS [ 6.785 s]
[INFO] Form Processing .................................... SUCCESS [ 7.974 s]
[INFO] Form Tags .......................................... SUCCESS [ 7.054 s]
[INFO] Form validation .................................... SUCCESS [ 6.995 s]
[INFO] XML based form validation .......................... SUCCESS [ 7.409 s]
[INFO] Hello World Struts 2 Example Application ........... SUCCESS [ 7.038 s]
[INFO] Http Session ....................................... SUCCESS [ 7.079 s]
[INFO] Struts 2 Interceptors .............................. SUCCESS [ 7.046 s]
[INFO] JSON produce/consume ............................... SUCCESS [ 12.395 s]
[INFO] Customized JSON produce ............................ SUCCESS [ 10.231 s]
[INFO] Struts 2 Mail Reader Webapp ........................ SUCCESS [ 9.664 s]
[INFO] Message resource ................................... SUCCESS [ 6.684 s]
[INFO] Message Store ...................................... SUCCESS [ 7.143 s]
[INFO] Portlet Webapp ..................................... FAILURE [ 30.026 s]
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:27 min
[INFO] Finished at: 2021-12-29T22:04:39Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.5.1:check (default) on project portlet:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] velocity-1.7.jar: CVE-2020-13936
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :portlet
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-examples-dependency-check #60
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/60/display/redirect?page=changes>
Changes:
[Lukasz Lenart] Uses the latest 2.15.0 Log4j version
------------------------------------------
[...truncated 114.32 KB...]
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ message-store ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ message-store ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ message-store ---
[INFO] Packaging webapp
[INFO] Assembling webapp [message-store] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/message-store-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/src/main/webapp]>
[INFO] Webapp assembled in [19 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/message-store-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.4.1:check (default) @ message-store ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (59 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/message-store/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Message Store:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
See the dependency-check report for more details.
[INFO]
[INFO] ---------------------< org.apache.struts:portlet >----------------------
[INFO] Building Portlet Webapp 1.1.0 [26/43]
[INFO] --------------------------------[ war ]---------------------------------
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-spring-plugin/2.5.28/struts2-spring-plugin-2.5.28.pom
Progress (1): 3.1 kB Downloaded from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-spring-plugin/2.5.28/struts2-spring-plugin-2.5.28.pom (3.1 kB at 4.8 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-plugin/2.5.28/struts2-portlet-plugin-2.5.28.pom
Progress (1): 4.1/5.4 kBProgress (1): 5.4 kB Downloaded from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-plugin/2.5.28/struts2-portlet-plugin-2.5.28.pom (5.4 kB at 17 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-dwr-plugin/2.5.28/struts2-dwr-plugin-2.5.28.pom
Progress (1): 1.7 kB Downloaded from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-dwr-plugin/2.5.28/struts2-dwr-plugin-2.5.28.pom (1.7 kB at 5.1 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-tiles-plugin/2.5.28/struts2-portlet-tiles-plugin-2.5.28.pom
Progress (1): 2.5 kB Downloaded from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-tiles-plugin/2.5.28/struts2-portlet-tiles-plugin-2.5.28.pom (2.5 kB at 7.6 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-tiles-plugin/2.5.28/struts2-tiles-plugin-2.5.28.pom
Progress (1): 3.3 kB Downloaded from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-tiles-plugin/2.5.28/struts2-tiles-plugin-2.5.28.pom (3.3 kB at 10 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-spring-plugin/2.5.28/struts2-spring-plugin-2.5.28.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-plugin/2.5.28/struts2-portlet-plugin-2.5.28.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-tiles-plugin/2.5.28/struts2-tiles-plugin-2.5.28.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-tiles-plugin/2.5.28/struts2-portlet-tiles-plugin-2.5.28.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-dwr-plugin/2.5.28/struts2-dwr-plugin-2.5.28.jar
Progress (1): 4.1/22 kBProgress (1): 7.7/22 kBProgress (1): 8.2/22 kBProgress (1): 12/22 kB Progress (1): 16/22 kBProgress (1): 16/22 kBProgress (1): 20/22 kBProgress (1): 22 kB Downloaded from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-spring-plugin/2.5.28/struts2-spring-plugin-2.5.28.jar (22 kB at 45 kB/s)
Progress (1): 4.1/11 kBProgress (1): 7.7/11 kBProgress (1): 8.2/11 kBProgress (1): 11 kB Progress (2): 11 kB | 4.1/89 kBProgress (3): 11 kB | 4.1/89 kB | 4.1/41 kBProgress (4): 11 kB | 4.1/89 kB | 4.1/41 kB | 4.1/16 kBProgress (4): 11 kB | 7.7/89 kB | 4.1/41 kB | 4.1/16 kBProgress (4): 11 kB | 7.7/89 kB | 4.1/41 kB | 7.7/16 kBProgress (4): 11 kB | 7.7/89 kB | 7.7/41 kB | 7.7/16 kBProgress (4): 11 kB | 7.7/89 kB | 7.7/41 kB | 8.2/16 kBProgress (4): 11 kB | 8.2/89 kB | 7.7/41 kB | 8.2/16 kBProgress (4): 11 kB | 8.2/89 kB | 8.2/41 kB | 8.2/16 kB Downloaded from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-dwr-plugin/2.5.28/struts2-dwr-plugin-2.5.28.jar (11 kB at 17 kB/s)
Progress (3): 8.2/89 kB | 12/41 kB | 8.2/16 kBProgress (3): 12/89 kB | 12/41 kB | 8.2/16 kB Progress (3): 12/89 kB | 12/41 kB | 12/16 kB Progress (3): 16/89 kB | 12/41 kB | 12/16 kBProgress (3): 16/89 kB | 16/41 kB | 12/16 kBProgress (3): 16/89 kB | 16/41 kB | 16 kB Progress (3): 16/89 kB | 16/41 kB | 16 kBProgress (3): 16/89 kB | 16/41 kB | 16 kBProgress (3): 16/89 kB | 20/41 kB | 16 kBProgress (3): 16/89 kB | 24/41 kB | 16 kBProgress (3): 20/89 kB | 24/41 kB | 16 kBProgress (3): 20/89 kB | 25/41 kB | 16 kBProgress (3): 24/89 kB | 25/41 kB | 16 kBProgress (3): 24/89 kB | 29/41 kB | 16 kBProgress (3): 25/89 kB | 29/41 kB | 16 kBProgress (3): 25/89 kB | 32/41 kB | 16 kBProgress (3): 25/89 kB | 33/41 kB | 16 kBProgress (3): 29/89 kB | 33/41 kB | 16 kBProgress (3): 32/89 kB | 33/41 kB | 16 kBProgress (3): 32/89 kB | 37/41 kB | 16 kBProgress (3): 33/89 kB | 37/41 kB | 16 kBProgress (3): 33/89 kB | 40/41 kB | 16 kBProgress (3): 37/89 kB | 40/41 kB | 16 kBProgress (3): 40/89 kB | 40/41 kB | 16 kBProgress (3): 40/89 kB | 41/41 kB | 16 kBProgress (3): 41/89 kB | 41/41 kB | 16 kBProgress (3): 41/89 kB | 41 kB | 16 kB Progress (3): 45/89 kB | 41 kB | 16 kBProgress (3): 48/89 kB | 41 kB | 16 kBProgress (3): 49/89 kB | 41 kB | 16 kBProgress (3): 53/89 kB | 41 kB | 16 kBProgress (3): 56/89 kB | 41 kB | 16 kBProgress (3): 57/89 kB | 41 kB | 16 kBProgress (3): 61/89 kB | 41 kB | 16 kBProgress (3): 64/89 kB | 41 kB | 16 kBProgress (3): 66/89 kB | 41 kB | 16 kBProgress (3): 70/89 kB | 41 kB | 16 kBProgress (3): 72/89 kB | 41 kB | 16 kBProgress (3): 74/89 kB | 41 kB | 16 kBProgress (3): 78/89 kB | 41 kB | 16 kBProgress (3): 80/89 kB | 41 kB | 16 kBProgress (3): 82/89 kB | 41 kB | 16 kBProgress (3): 86/89 kB | 41 kB | 16 kBProgress (3): 88/89 kB | 41 kB | 16 kBProgress (3): 89 kB | 41 kB | 16 kB Downloaded from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-tiles-plugin/2.5.28/struts2-portlet-tiles-plugin-2.5.28.jar (16 kB at 19 kB/s)
Downloaded from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-tiles-plugin/2.5.28/struts2-tiles-plugin-2.5.28.jar (41 kB at 42 kB/s)
Downloaded from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-portlet-plugin/2.5.28/struts2-portlet-plugin-2.5.28.jar (89 kB at 90 kB/s)
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 18 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ portlet ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 13 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/eventing/ProcessAction.java>: Some input files use or override a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/eventing/ProcessAction.java>: Recompile with -Xlint:deprecation for details.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/spring/ThingManager.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/spring/ThingManager.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/java/org/apache/struts2/portlet/example/spring/ThingManager.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ portlet ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 3 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/test-classes>
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ portlet ---
[INFO] Surefire report directory: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/surefire-reports>
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Results :
Tests run: 0, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ portlet ---
[INFO] Packaging webapp
[INFO] Assembling webapp [portlet] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/portlet-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/src/main/webapp]>
[INFO] Webapp assembled in [142 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/portlet-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.4.1:check (default) @ portlet ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (81 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (6 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (2 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (2 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (11 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Portlet Webapp:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
spring-aop-4.3.26.RELEASE.jar (pkg:maven/org.springframework/spring-aop@4.3.26.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.3.26:release:*:*:*:*:*:*) : CVE-2020-5421
spring-core-4.3.26.RELEASE.jar (pkg:maven/org.springframework/spring-core@4.3.26.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:4.3.26:release:*:*:*:*:*:*) : CVE-2020-5421
velocity-1.7.jar (pkg:maven/org.apache.velocity/velocity@1.7, cpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*) : CVE-2020-13936
velocity-tools-2.0.jar (pkg:maven/org.apache.velocity/velocity-tools@2.0, cpe:2.3:a:apache:velocity_tools:2.0:*:*:*:*:*:*:*) : CVE-2020-13959
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ SUCCESS [ 13.784 s]
[INFO] Action chaining .................................... SUCCESS [ 7.983 s]
[INFO] Annotations with Convention Plugin ................. SUCCESS [ 7.818 s]
[INFO] Basic Struts2 Example .............................. SUCCESS [ 5.056 s]
[INFO] Bean Validation .................................... SUCCESS [ 9.106 s]
[INFO] Struts 2 Blank Webapp .............................. SUCCESS [ 9.568 s]
[INFO] Coding Struts 2 Action ............................. SUCCESS [ 5.038 s]
[INFO] Control Tags ....................................... SUCCESS [ 5.293 s]
[INFO] CRUD Example ....................................... SUCCESS [ 5.168 s]
[INFO] Debugging Struts ................................... SUCCESS [ 6.674 s]
[INFO] Exception handling ................................. SUCCESS [ 5.643 s]
[INFO] Exclude Parameters ................................. SUCCESS [ 4.886 s]
[INFO] File upload ........................................ SUCCESS [ 4.871 s]
[INFO] Form Processing .................................... SUCCESS [ 4.730 s]
[INFO] Form Tags .......................................... SUCCESS [ 4.453 s]
[INFO] Form validation .................................... SUCCESS [ 4.470 s]
[INFO] XML based form validation .......................... SUCCESS [ 6.222 s]
[INFO] Hello World Struts 2 Example Application ........... SUCCESS [ 6.283 s]
[INFO] Http Session ....................................... SUCCESS [ 5.014 s]
[INFO] Struts 2 Interceptors .............................. SUCCESS [ 5.285 s]
[INFO] JSON produce/consume ............................... SUCCESS [ 6.459 s]
[INFO] Customized JSON produce ............................ SUCCESS [ 5.538 s]
[INFO] Struts 2 Mail Reader Webapp ........................ SUCCESS [ 7.844 s]
[INFO] Message resource ................................... SUCCESS [ 4.508 s]
[INFO] Message Store ...................................... SUCCESS [ 4.122 s]
[INFO] Portlet Webapp ..................................... FAILURE [ 19.946 s]
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 02:56 min
[INFO] Finished at: 2021-12-14T06:54:17Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.4.1:check (default) on project portlet:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] velocity-1.7.jar: CVE-2020-13936
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :portlet
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-examples-dependency-check #59
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/59/display/redirect?page=changes>
Changes:
[Lukasz Lenart] Upgrades to the latest Struts 2.5.28
[Lukasz Lenart] Drops outdated compiler options
[Lukasz Lenart] Uses JDK 11 for builds at Travis
------------------------------------------
Started by user Lukasz Lenart
Running as SYSTEM
[EnvInject] - Loading node environment variables.
Building remotely on H22 (ubuntu) in workspace <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/>
The recommended git tool is: NONE
No credentials specified
Cloning the remote Git repository
Cloning repository https://gitbox.apache.org/repos/asf/struts-examples.git
> git init <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/> # timeout=10
Fetching upstream changes from https://gitbox.apache.org/repos/asf/struts-examples.git
> git --version # timeout=10
> git --version # 'git version 2.17.1'
> git fetch --tags --progress -- https://gitbox.apache.org/repos/asf/struts-examples.git +refs/heads/*:refs/remotes/origin/* # timeout=10
> git config remote.origin.url https://gitbox.apache.org/repos/asf/struts-examples.git # timeout=10
> git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10
Avoid second fetch
> git rev-parse refs/remotes/origin/master^{commit} # timeout=10
Checking out Revision df82c6df6d1c0f52f09f28d8fd1e61374501778d (refs/remotes/origin/master)
> git config core.sparsecheckout # timeout=10
> git checkout -f df82c6df6d1c0f52f09f28d8fd1e61374501778d # timeout=10
Commit message: "Uses JDK 11 for builds at Travis"
> git rev-list --no-walk 05dc3befb17b29e5e54c4a5a3676dcc1ec5ec8e0 # timeout=10
ERROR: No tool found matching MAVEN_3_LATEST__HOME
[Struts-examples-dependency-check] $ /bin/sh -xe /tmp/jenkins4545258402479508381.sh
+ export MAVEN_OPTS=-Xms2g -Xmx2g -XX:MaxPermSize=512m -XX:+CMSClassUnloadingEnabled
+ export PATH=:/home/jenkins/tools/java/latest11/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
+ ./mvnw verify -Pdependency-check
Java HotSpot(TM) 64-Bit Server VM warning: Ignoring option MaxPermSize; support was removed in 8.0
[INFO] Scanning for projects...
Downloading from apache-public: https://repository.apache.org/content/groups/public/io/quarkus/quarkus-universe-bom/2.2.1.Final/quarkus-universe-bom-2.2.1.Final.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/io/quarkus/quarkus-universe-bom/2.2.1.Final/quarkus-universe-bom-2.2.1.Final.pom
Downloading from apache-snapshots: https://repository.apache.org/content/groups/snapshots/io/quarkus/quarkus-universe-bom/2.2.1.Final/quarkus-universe-bom-2.2.1.Final.pom
Downloading from oss-snapshots: https://oss.sonatype.org/content/repositories/snapshots/io/quarkus/quarkus-universe-bom/2.2.1.Final/quarkus-universe-bom-2.2.1.Final.pom
Downloading from central: https://repo.maven.apache.org/maven2/io/quarkus/quarkus-universe-bom/2.2.1.Final/quarkus-universe-bom-2.2.1.Final.pom
Progress (1): 1.4/739 kBProgress (1): 2.7/739 kBProgress (1): 4.1/739 kBProgress (1): 5.5/739 kBProgress (1): 6.9/739 kBProgress (1): 8.2/739 kBProgress (1): 9.6/739 kBProgress (1): 11/739 kB Progress (1): 12/739 kBProgress (1): 14/739 kBProgress (1): 15/739 kBProgress (1): 16/739 kBProgress (1): 18/739 kBProgress (1): 19/739 kBProgress (1): 21/739 kBProgress (1): 22/739 kBProgress (1): 23/739 kBProgress (1): 25/739 kBProgress (1): 26/739 kBProgress (1): 27/739 kBProgress (1): 29/739 kBProgress (1): 30/739 kBProgress (1): 32/739 kBProgress (1): 33/739 kBProgress (1): 34/739 kBProgress (1): 36/739 kBProgress (1): 37/739 kBProgress (1): 38/739 kBProgress (1): 40/739 kBProgress (1): 41/739 kBProgress (1): 43/739 kBProgress (1): 44/739 kBProgress (1): 45/739 kBProgress (1): 47/739 kBProgress (1): 48/739 kBProgress (1): 49/739 kBProgress (1): 51/739 kBProgress (1): 52/739 kBProgress (1): 53/739 kBProgress (1): 55/739 kBProgress (1): 56/739 kBProgress (1): 58/739 kBProgress (1): 59/739 kBProgress (1): 60/739 kBProgress (1): 62/739 kBProgress (1): 63/739 kBProgress (1): 64/739 kBProgress (1): 66/739 kBProgress (1): 70/739 kBProgress (1): 74/739 kBProgress (1): 78/739 kBProgress (1): 82/739 kBProgress (1): 86/739 kBProgress (1): 90/739 kBProgress (1): 94/739 kBProgress (1): 99/739 kBProgress (1): 103/739 kBProgress (1): 107/739 kBProgress (1): 111/739 kBProgress (1): 115/739 kBProgress (1): 119/739 kBProgress (1): 123/739 kBProgress (1): 127/739 kBProgress (1): 131/739 kBProgress (1): 135/739 kBProgress (1): 140/739 kBProgress (1): 144/739 kBProgress (1): 148/739 kBProgress (1): 152/739 kBProgress (1): 156/739 kBProgress (1): 160/739 kBProgress (1): 164/739 kBProgress (1): 168/739 kBProgress (1): 172/739 kBProgress (1): 176/739 kBProgress (1): 180/739 kBProgress (1): 185/739 kBProgress (1): 189/739 kBProgress (1): 193/739 kBProgress (1): 197/739 kBProgress (1): 201/739 kBProgress (1): 205/739 kBProgress (1): 209/739 kBProgress (1): 213/739 kBProgress (1): 217/739 kBProgress (1): 221/739 kBProgress (1): 226/739 kBProgress (1): 230/739 kBProgress (1): 234/739 kBProgress (1): 238/739 kBProgress (1): 242/739 kBProgress (1): 246/739 kBProgress (1): 250/739 kBProgress (1): 254/739 kBProgress (1): 258/739 kBProgress (1): 262/739 kBProgress (1): 267/739 kBProgress (1): 271/739 kBProgress (1): 275/739 kBProgress (1): 279/739 kBProgress (1): 283/739 kBProgress (1): 287/739 kBProgress (1): 291/739 kBProgress (1): 295/739 kBProgress (1): 299/739 kBProgress (1): 303/739 kBProgress (1): 307/739 kBProgress (1): 312/739 kBProgress (1): 316/739 kBProgress (1): 320/739 kBProgress (1): 324/739 kBProgress (1): 328/739 kBProgress (1): 332/739 kBProgress (1): 336/739 kBProgress (1): 340/739 kBProgress (1): 344/739 kBProgress (1): 348/739 kBProgress (1): 353/739 kBProgress (1): 357/739 kBProgress (1): 361/739 kBProgress (1): 365/739 kBProgress (1): 369/739 kBProgress (1): 373/739 kBProgress (1): 377/739 kBProgress (1): 381/739 kBProgress (1): 385/739 kBProgress (1): 389/739 kBProgress (1): 393/739 kBProgress (1): 398/739 kBProgress (1): 402/739 kBProgress (1): 406/739 kBProgress (1): 410/739 kBProgress (1): 414/739 kBProgress (1): 418/739 kBProgress (1): 422/739 kBProgress (1): 426/739 kBProgress (1): 430/739 kBProgress (1): 434/739 kBProgress (1): 439/739 kBProgress (1): 443/739 kBProgress (1): 447/739 kBProgress (1): 451/739 kBProgress (1): 455/739 kBProgress (1): 459/739 kBProgress (1): 463/739 kBProgress (1): 467/739 kBProgress (1): 471/739 kBProgress (1): 475/739 kBProgress (1): 480/739 kBProgress (1): 484/739 kBProgress (1): 488/739 kBProgress (1): 492/739 kBProgress (1): 496/739 kBProgress (1): 500/739 kBProgress (1): 504/739 kBProgress (1): 508/739 kBProgress (1): 512/739 kBProgress (1): 516/739 kBProgress (1): 520/739 kBProgress (1): 525/739 kBProgress (1): 529/739 kBProgress (1): 533/739 kBProgress (1): 537/739 kBProgress (1): 541/739 kBProgress (1): 545/739 kBProgress (1): 549/739 kBProgress (1): 553/739 kBProgress (1): 557/739 kBProgress (1): 561/739 kBProgress (1): 566/739 kBProgress (1): 570/739 kBProgress (1): 574/739 kBProgress (1): 578/739 kBProgress (1): 582/739 kBProgress (1): 586/739 kBProgress (1): 590/739 kBProgress (1): 594/739 kBProgress (1): 598/739 kBProgress (1): 602/739 kBProgress (1): 606/739 kBProgress (1): 611/739 kBProgress (1): 615/739 kBProgress (1): 619/739 kBProgress (1): 623/739 kBProgress (1): 627/739 kBProgress (1): 631/739 kBProgress (1): 635/739 kBProgress (1): 639/739 kBProgress (1): 643/739 kBProgress (1): 647/739 kBProgress (1): 652/739 kBProgress (1): 656/739 kBProgress (1): 660/739 kBProgress (1): 664/739 kBProgress (1): 668/739 kBProgress (1): 672/739 kBProgress (1): 676/739 kBProgress (1): 680/739 kBProgress (1): 684/739 kBProgress (1): 688/739 kBProgress (1): 692/739 kBProgress (1): 697/739 kBProgress (1): 701/739 kBProgress (1): 705/739 kBProgress (1): 709/739 kBProgress (1): 713/739 kBProgress (1): 717/739 kBProgress (1): 721/739 kBProgress (1): 725/739 kBProgress (1): 729/739 kBProgress (1): 733/739 kBProgress (1): 738/739 kBProgress (1): 739 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/quarkus/quarkus-universe-bom/2.2.1.Final/quarkus-universe-bom-2.2.1.Final.pom (739 kB at 2.8 MB/s)
[WARNING]
[WARNING] Some problems were encountered while building the effective model for org.apache.struts:portlet:war:1.1.0
[WARNING] 'build.plugins.plugin.version' for org.apache.maven.plugins:maven-surefire-plugin is missing. @ org.apache.struts:portlet:[unknown-version], <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/portlet/pom.xml,> line 179, column 21
[WARNING]
[WARNING] Some problems were encountered while building the effective model for org.apache.struts:rest-angular:war:1.1.0
[WARNING] 'build.plugins.plugin.version' for com.cj.jshintmojo:jshint-maven-plugin is missing. @ org.apache.struts:rest-angular:[unknown-version], <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/rest-angular/pom.xml,> line 117, column 21
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Build Order:
[INFO]
[INFO] Struts 2 Examples [pom]
[INFO] Action chaining [war]
[INFO] Annotations with Convention Plugin [war]
[INFO] Basic Struts2 Example [war]
[INFO] Bean Validation [war]
[INFO] Struts 2 Blank Webapp [war]
[INFO] Coding Struts 2 Action [war]
[INFO] Control Tags [war]
[INFO] CRUD Example [war]
[INFO] Debugging Struts [war]
[INFO] Exception handling [war]
[INFO] Exclude Parameters [war]
[INFO] File upload [war]
[INFO] Form Processing [war]
[INFO] Form Tags [war]
[INFO] Form validation [war]
[INFO] XML based form validation [war]
[INFO] Hello World Struts 2 Example Application [war]
[INFO] Http Session [war]
[INFO] Struts 2 Interceptors [war]
[INFO] JSON produce/consume [war]
[INFO] Customized JSON produce [war]
[INFO] Struts 2 Mail Reader Webapp [war]
[INFO] Message resource [war]
[INFO] Message Store [war]
[INFO] Portlet Webapp [war]
[INFO] Preparable Interface [war]
[INFO] Struts 2 Quarkus [jar]
[INFO] REST to Action Mapper Example Application [war]
[INFO] REST Plugin based application with AngularJS [war]
[INFO] Struts2 with Basic Shiro Security Integration [war]
[INFO] Struts2 with Spring Integration [war]
[INFO] Custom TextProvider [war]
[INFO] Struts Tiles Example [war]
[INFO] Struts 2 Themes [war]
[INFO] Struts 2 Themes Override [war]
[INFO] Type Conversion [war]
[INFO] Unit Testing [war]
[INFO] Unknown handler [war]
[INFO] Using Struts 2 Tags [war]
[INFO] validation-messages [war]
[INFO] Wildcard Method Selection [war]
[INFO] Wildcard RegEx pattern matching [war]
[INFO]
[INFO] -----------------< org.apache.struts:struts-examples >------------------
[INFO] Building Struts 2 Examples 1.1.0 [1/43]
[INFO] --------------------------------[ pom ]---------------------------------
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-core/2.5.28/struts2-core-2.5.28.pom
Progress (1): 4.1/16 kBProgress (1): 7.7/16 kBProgress (1): 8.2/16 kBProgress (1): 12/16 kB Progress (1): 16/16 kBProgress (1): 16/16 kBProgress (1): 16 kB Downloaded from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-core/2.5.28/struts2-core-2.5.28.pom (16 kB at 20 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-parent/2.5.28/struts2-parent-2.5.28.pom
Progress (1): 4.1/45 kBProgress (1): 7.7/45 kBProgress (1): 8.2/45 kBProgress (1): 12/45 kB Progress (1): 16/45 kBProgress (1): 16/45 kBProgress (1): 20/45 kBProgress (1): 24/45 kBProgress (1): 25/45 kBProgress (1): 29/45 kBProgress (1): 32/45 kBProgress (1): 33/45 kBProgress (1): 37/45 kBProgress (1): 40/45 kBProgress (1): 41/45 kBProgress (1): 45 kB Downloaded from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-parent/2.5.28/struts2-parent-2.5.28.pom (45 kB at 91 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/ognl/ognl/3.1.29/ognl-3.1.29.pom
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/ognl/ognl/3.1.29/ognl-3.1.29.pom
Downloading from apache-snapshots: https://repository.apache.org/content/groups/snapshots/ognl/ognl/3.1.29/ognl-3.1.29.pom
Downloading from oss-snapshots: https://oss.sonatype.org/content/repositories/snapshots/ognl/ognl/3.1.29/ognl-3.1.29.pom
Downloading from central: https://repo.maven.apache.org/maven2/ognl/ognl/3.1.29/ognl-3.1.29.pom
Progress (1): 4.1/6.6 kBProgress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/ognl/ognl/3.1.29/ognl-3.1.29.pom (6.6 kB at 312 kB/s)
Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-core/2.5.28/struts2-core-2.5.28.jar
Downloading from apache-public: https://repository.apache.org/content/groups/public/ognl/ognl/3.1.29/ognl-3.1.29.jar
Progress (1): 0/1.6 MBProgress (1): 0/1.6 MBProgress (1): 0/1.6 MBProgress (1): 0/1.6 MBProgress (1): 0/1.6 MBProgress (1): 0/1.6 MBProgress (1): 0/1.6 MBProgress (1): 0/1.6 MBProgress (1): 0/1.6 MBProgress (1): 0/1.6 MBProgress (1): 0/1.6 MBProgress (1): 0/1.6 MBProgress (1): 0/1.6 MBProgress (1): 0/1.6 MBProgress (1): 0/1.6 MBProgress (1): 0/1.6 MBProgress (1): 0/1.6 MBProgress (1): 0/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.1/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.2/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.3/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.4/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.5/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.6/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.7/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.8/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 0.9/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.0/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.1/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.2/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.3/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.4/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.5/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6/1.6 MBProgress (1): 1.6 MB Downloaded from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-core/2.5.28/struts2-core-2.5.28.jar (1.6 MB at 788 kB/s)
Downloading from apache-staging: https://repository.apache.org/content/groups/staging/ognl/ognl/3.1.29/ognl-3.1.29.jar
Downloading from apache-snapshots: https://repository.apache.org/content/groups/snapshots/ognl/ognl/3.1.29/ognl-3.1.29.jar
Downloading from oss-snapshots: https://oss.sonatype.org/content/repositories/snapshots/ognl/ognl/3.1.29/ognl-3.1.29.jar
Downloading from central: https://repo.maven.apache.org/maven2/ognl/ognl/3.1.29/ognl-3.1.29.jar
Progress (1): 4.1/262 kBProgress (1): 8.2/262 kBProgress (1): 12/262 kB Progress (1): 16/262 kBProgress (1): 20/262 kBProgress (1): 25/262 kBProgress (1): 29/262 kBProgress (1): 33/262 kBProgress (1): 37/262 kBProgress (1): 41/262 kBProgress (1): 45/262 kBProgress (1): 49/262 kBProgress (1): 53/262 kBProgress (1): 57/262 kBProgress (1): 61/262 kBProgress (1): 66/262 kBProgress (1): 70/262 kBProgress (1): 74/262 kBProgress (1): 78/262 kBProgress (1): 82/262 kBProgress (1): 86/262 kBProgress (1): 90/262 kBProgress (1): 94/262 kBProgress (1): 98/262 kBProgress (1): 102/262 kBProgress (1): 106/262 kBProgress (1): 111/262 kBProgress (1): 115/262 kBProgress (1): 119/262 kBProgress (1): 123/262 kBProgress (1): 127/262 kBProgress (1): 131/262 kBProgress (1): 135/262 kBProgress (1): 139/262 kBProgress (1): 143/262 kBProgress (1): 147/262 kBProgress (1): 152/262 kBProgress (1): 156/262 kBProgress (1): 160/262 kBProgress (1): 164/262 kBProgress (1): 168/262 kBProgress (1): 172/262 kBProgress (1): 176/262 kBProgress (1): 180/262 kBProgress (1): 184/262 kBProgress (1): 188/262 kBProgress (1): 193/262 kBProgress (1): 197/262 kBProgress (1): 201/262 kBProgress (1): 205/262 kBProgress (1): 209/262 kBProgress (1): 213/262 kBProgress (1): 217/262 kBProgress (1): 221/262 kBProgress (1): 225/262 kBProgress (1): 229/262 kBProgress (1): 233/262 kBProgress (1): 238/262 kBProgress (1): 242/262 kBProgress (1): 246/262 kBProgress (1): 250/262 kBProgress (1): 254/262 kBProgress (1): 255/262 kBProgress (1): 259/262 kBProgress (1): 262 kB Downloaded from central: https://repo.maven.apache.org/maven2/ognl/ognl/3.1.29/ognl-3.1.29.jar (262 kB at 4.7 MB/s)
[INFO]
[INFO] --- dependency-check-maven:6.4.1:check (default) @ struts-examples ---
[INFO] Checking for updates
[INFO] Download Started for NVD CVE - Modified
[INFO] Download Complete for NVD CVE - Modified (581 ms)
[INFO] Processing Started for NVD CVE - Modified
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.fasterxml.jackson.module.afterburner.util.MyClassLoader (file:/home/jenkins/.m2/repository/com/fasterxml/jackson/module/jackson-module-afterburner/2.13.0/jackson-module-afterburner-2.13.0.jar) to method java.lang.ClassLoader.findLoadedClass(java.lang.String)
WARNING: Please consider reporting this to the maintainers of com.fasterxml.jackson.module.afterburner.util.MyClassLoader
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[INFO] Processing Complete for NVD CVE - Modified (3421 ms)
[INFO] Begin database maintenance
[INFO] Updated the CPE ecosystem on 116164 NVD records
[INFO] Removed the CPE ecosystem on 2 NVD records
[INFO] Cleaned up 27 orphaned NVD records
[INFO] End database maintenance (19016 ms)
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Begin database defrag
[INFO] End database defrag (5068 ms)
[INFO] Check for updates complete (32734 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (3 seconds)
[INFO] Finished CPE Analyzer (4 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (1 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (7 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2 Examples:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
log4j-api-2.10.0.jar (pkg:maven/org.apache.logging.log4j/log4j-api@2.10.0, cpe:2.3:a:apache:log4j:2.10.0:*:*:*:*:*:*:*) : CVE-2020-9488, CVE-2021-44228
log4j-core-2.10.0.jar (pkg:maven/org.apache.logging.log4j/log4j-core@2.10.0, cpe:2.3:a:apache:log4j:2.10.0:*:*:*:*:*:*:*) : CVE-2020-9488, CVE-2021-44228, CWE-502: Deserialization of Untrusted Data
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ FAILURE [ 54.094 s]
[INFO] Action chaining .................................... SKIPPED
[INFO] Annotations with Convention Plugin ................. SKIPPED
[INFO] Basic Struts2 Example .............................. SKIPPED
[INFO] Bean Validation .................................... SKIPPED
[INFO] Struts 2 Blank Webapp .............................. SKIPPED
[INFO] Coding Struts 2 Action ............................. SKIPPED
[INFO] Control Tags ....................................... SKIPPED
[INFO] CRUD Example ....................................... SKIPPED
[INFO] Debugging Struts ................................... SKIPPED
[INFO] Exception handling ................................. SKIPPED
[INFO] Exclude Parameters ................................. SKIPPED
[INFO] File upload ........................................ SKIPPED
[INFO] Form Processing .................................... SKIPPED
[INFO] Form Tags .......................................... SKIPPED
[INFO] Form validation .................................... SKIPPED
[INFO] XML based form validation .......................... SKIPPED
[INFO] Hello World Struts 2 Example Application ........... SKIPPED
[INFO] Http Session ....................................... SKIPPED
[INFO] Struts 2 Interceptors .............................. SKIPPED
[INFO] JSON produce/consume ............................... SKIPPED
[INFO] Customized JSON produce ............................ SKIPPED
[INFO] Struts 2 Mail Reader Webapp ........................ SKIPPED
[INFO] Message resource ................................... SKIPPED
[INFO] Message Store ...................................... SKIPPED
[INFO] Portlet Webapp ..................................... SKIPPED
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 57.704 s
[INFO] Finished at: 2021-12-14T06:49:13Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.4.1:check (default) on project struts-examples:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] log4j-api-2.10.0.jar: CVE-2021-44228
[ERROR] log4j-core-2.10.0.jar: CVE-2021-44228, CWE-502: Deserialization of Untrusted Data
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-examples-JDK8-dependency-check #58
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/58/display/redirect>
Changes:
------------------------------------------
[...truncated 101.21 KB...]
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-resource/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Message resource:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
See the dependency-check report for more details.
[INFO]
[INFO] ------------------< org.apache.struts:message-store >-------------------
[INFO] Building Message Store 1.1.0 [25/43]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ message-store ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ message-store ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ message-store ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ message-store ---
[INFO] Packaging webapp
[INFO] Assembling webapp [message-store] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/target/message-store-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/src/main/webapp]>
[INFO] Webapp assembled in [37 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/target/message-store-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.4.1:check (default) @ message-store ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (58 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (3 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (4 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Message Store:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
See the dependency-check report for more details.
[INFO]
[INFO] ---------------------< org.apache.struts:portlet >----------------------
[INFO] Building Portlet Webapp 1.1.0 [26/43]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 18 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ portlet ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ portlet ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ portlet ---
[INFO] Surefire report directory: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/surefire-reports>
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Results :
Tests run: 0, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ portlet ---
[INFO] Packaging webapp
[INFO] Assembling webapp [portlet] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/portlet-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/src/main/webapp]>
[INFO] Webapp assembled in [350 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/portlet-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.4.1:check (default) @ portlet ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (55 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (9 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (1 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (5 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (16 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Portlet Webapp:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
spring-aop-4.3.26.RELEASE.jar (pkg:maven/org.springframework/spring-aop@4.3.26.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.3.26:release:*:*:*:*:*:*) : CVE-2020-5421
spring-core-4.3.26.RELEASE.jar (pkg:maven/org.springframework/spring-core@4.3.26.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:4.3.26:release:*:*:*:*:*:*) : CVE-2020-5421
velocity-1.7.jar (pkg:maven/org.apache.velocity/velocity@1.7, cpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*) : CVE-2020-13936
velocity-tools-2.0.jar (pkg:maven/org.apache.velocity/velocity-tools@2.0, cpe:2.3:a:apache:velocity_tools:2.0:*:*:*:*:*:*:*) : CVE-2020-13959
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ SUCCESS [01:10 min]
[INFO] Action chaining .................................... SUCCESS [ 9.533 s]
[INFO] Annotations with Convention Plugin ................. SUCCESS [ 7.792 s]
[INFO] Basic Struts2 Example .............................. SUCCESS [ 6.749 s]
[INFO] Bean Validation .................................... SUCCESS [ 9.819 s]
[INFO] Struts 2 Blank Webapp .............................. SUCCESS [ 10.368 s]
[INFO] Coding Struts 2 Action ............................. SUCCESS [ 6.440 s]
[INFO] Control Tags ....................................... SUCCESS [ 6.589 s]
[INFO] CRUD Example ....................................... SUCCESS [ 6.664 s]
[INFO] Debugging Struts ................................... SUCCESS [ 7.189 s]
[INFO] Exception handling ................................. SUCCESS [ 6.421 s]
[INFO] Exclude Parameters ................................. SUCCESS [ 6.292 s]
[INFO] File upload ........................................ SUCCESS [ 6.356 s]
[INFO] Form Processing .................................... SUCCESS [ 6.285 s]
[INFO] Form Tags .......................................... SUCCESS [ 6.563 s]
[INFO] Form validation .................................... SUCCESS [ 6.570 s]
[INFO] XML based form validation .......................... SUCCESS [ 6.605 s]
[INFO] Hello World Struts 2 Example Application ........... SUCCESS [ 6.195 s]
[INFO] Http Session ....................................... SUCCESS [ 6.601 s]
[INFO] Struts 2 Interceptors .............................. SUCCESS [ 6.617 s]
[INFO] JSON produce/consume ............................... SUCCESS [ 7.519 s]
[INFO] Customized JSON produce ............................ SUCCESS [ 7.167 s]
[INFO] Struts 2 Mail Reader Webapp ........................ SUCCESS [ 8.507 s]
[INFO] Message resource ................................... SUCCESS [ 7.395 s]
[INFO] Message Store ...................................... SUCCESS [ 6.051 s]
[INFO] Portlet Webapp ..................................... FAILURE [ 24.115 s]
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 04:28 min
[INFO] Finished at: 2021-12-01T05:51:29Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.4.1:check (default) on project portlet:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] velocity-1.7.jar: CVE-2020-13936
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :portlet
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-examples-JDK8-dependency-check #57
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/57/display/redirect?page=changes>
Changes:
[github] Bump dependency-check-maven from 6.3.1 to 6.4.1
------------------------------------------
[...truncated 101.14 KB...]
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (4 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-resource/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Message resource:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
See the dependency-check report for more details.
[INFO]
[INFO] ------------------< org.apache.struts:message-store >-------------------
[INFO] Building Message Store 1.1.0 [25/43]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ message-store ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ message-store ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ message-store ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ message-store ---
[INFO] Packaging webapp
[INFO] Assembling webapp [message-store] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/target/message-store-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/src/main/webapp]>
[INFO] Webapp assembled in [39 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/target/message-store-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.4.1:check (default) @ message-store ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (72 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (3 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (4 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Message Store:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
See the dependency-check report for more details.
[INFO]
[INFO] ---------------------< org.apache.struts:portlet >----------------------
[INFO] Building Portlet Webapp 1.1.0 [26/43]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 18 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ portlet ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ portlet ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ portlet ---
[INFO] Surefire report directory: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/surefire-reports>
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Results :
Tests run: 0, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ portlet ---
[INFO] Packaging webapp
[INFO] Assembling webapp [portlet] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/portlet-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/src/main/webapp]>
[INFO] Webapp assembled in [338 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/portlet-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.4.1:check (default) @ portlet ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (57 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (10 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (3 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (2 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (16 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Portlet Webapp:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
spring-aop-4.3.26.RELEASE.jar (pkg:maven/org.springframework/spring-aop@4.3.26.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.3.26:release:*:*:*:*:*:*) : CVE-2020-5421
spring-core-4.3.26.RELEASE.jar (pkg:maven/org.springframework/spring-core@4.3.26.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:4.3.26:release:*:*:*:*:*:*) : CVE-2020-5421
velocity-1.7.jar (pkg:maven/org.apache.velocity/velocity@1.7, cpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*) : CVE-2020-13936
velocity-tools-2.0.jar (pkg:maven/org.apache.velocity/velocity-tools@2.0, cpe:2.3:a:apache:velocity_tools:2.0:*:*:*:*:*:*:*) : CVE-2020-13959
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ SUCCESS [01:07 min]
[INFO] Action chaining .................................... SUCCESS [ 9.709 s]
[INFO] Annotations with Convention Plugin ................. SUCCESS [ 7.577 s]
[INFO] Basic Struts2 Example .............................. SUCCESS [ 7.136 s]
[INFO] Bean Validation .................................... SUCCESS [ 10.002 s]
[INFO] Struts 2 Blank Webapp .............................. SUCCESS [ 10.505 s]
[INFO] Coding Struts 2 Action ............................. SUCCESS [ 6.792 s]
[INFO] Control Tags ....................................... SUCCESS [ 6.651 s]
[INFO] CRUD Example ....................................... SUCCESS [ 6.875 s]
[INFO] Debugging Struts ................................... SUCCESS [ 7.085 s]
[INFO] Exception handling ................................. SUCCESS [ 6.560 s]
[INFO] Exclude Parameters ................................. SUCCESS [ 6.448 s]
[INFO] File upload ........................................ SUCCESS [ 6.639 s]
[INFO] Form Processing .................................... SUCCESS [ 6.613 s]
[INFO] Form Tags .......................................... SUCCESS [ 6.454 s]
[INFO] Form validation .................................... SUCCESS [ 6.432 s]
[INFO] XML based form validation .......................... SUCCESS [ 6.870 s]
[INFO] Hello World Struts 2 Example Application ........... SUCCESS [ 6.510 s]
[INFO] Http Session ....................................... SUCCESS [ 6.399 s]
[INFO] Struts 2 Interceptors .............................. SUCCESS [ 6.536 s]
[INFO] JSON produce/consume ............................... SUCCESS [ 7.315 s]
[INFO] Customized JSON produce ............................ SUCCESS [ 6.872 s]
[INFO] Struts 2 Mail Reader Webapp ........................ SUCCESS [ 8.473 s]
[INFO] Message resource ................................... SUCCESS [ 6.586 s]
[INFO] Message Store ...................................... SUCCESS [ 6.449 s]
[INFO] Portlet Webapp ..................................... FAILURE [ 22.026 s]
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 04:23 min
[INFO] Finished at: 2021-11-29T05:51:20Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.4.1:check (default) on project portlet:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] velocity-1.7.jar: CVE-2020-13936
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :portlet
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-examples-JDK8-dependency-check #56
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/56/display/redirect>
Changes:
------------------------------------------
[...truncated 101.08 KB...]
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-resource/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Message resource:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
See the dependency-check report for more details.
[INFO]
[INFO] ------------------< org.apache.struts:message-store >-------------------
[INFO] Building Message Store 1.1.0 [25/43]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ message-store ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ message-store ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ message-store ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ message-store ---
[INFO] Packaging webapp
[INFO] Assembling webapp [message-store] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/target/message-store-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/src/main/webapp]>
[INFO] Webapp assembled in [203 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/target/message-store-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.3.1:check (default) @ message-store ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (60 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (3 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (4 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Message Store:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
See the dependency-check report for more details.
[INFO]
[INFO] ---------------------< org.apache.struts:portlet >----------------------
[INFO] Building Portlet Webapp 1.1.0 [26/43]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 18 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ portlet ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ portlet ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ portlet ---
[INFO] Surefire report directory: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/surefire-reports>
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Results :
Tests run: 0, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ portlet ---
[INFO] Packaging webapp
[INFO] Assembling webapp [portlet] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/portlet-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/src/main/webapp]>
[INFO] Webapp assembled in [431 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/portlet-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.3.1:check (default) @ portlet ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (66 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (9 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (3 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (5 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (18 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Portlet Webapp:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
spring-aop-4.3.26.RELEASE.jar (pkg:maven/org.springframework/spring-aop@4.3.26.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.3.26:release:*:*:*:*:*:*) : CVE-2020-5421
spring-core-4.3.26.RELEASE.jar (pkg:maven/org.springframework/spring-core@4.3.26.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:4.3.26:release:*:*:*:*:*:*) : CVE-2020-5421
velocity-1.7.jar (pkg:maven/org.apache.velocity/velocity@1.7, cpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*) : CVE-2020-13936
velocity-tools-2.0.jar (pkg:maven/org.apache.velocity/velocity-tools@2.0, cpe:2.3:a:apache:velocity_tools:2.0:*:*:*:*:*:*:*) : CVE-2020-13959
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ SUCCESS [01:07 min]
[INFO] Action chaining .................................... SUCCESS [ 9.359 s]
[INFO] Annotations with Convention Plugin ................. SUCCESS [ 7.748 s]
[INFO] Basic Struts2 Example .............................. SUCCESS [ 6.710 s]
[INFO] Bean Validation .................................... SUCCESS [ 9.546 s]
[INFO] Struts 2 Blank Webapp .............................. SUCCESS [ 11.119 s]
[INFO] Coding Struts 2 Action ............................. SUCCESS [ 7.047 s]
[INFO] Control Tags ....................................... SUCCESS [ 6.772 s]
[INFO] CRUD Example ....................................... SUCCESS [ 6.689 s]
[INFO] Debugging Struts ................................... SUCCESS [ 7.130 s]
[INFO] Exception handling ................................. SUCCESS [ 6.796 s]
[INFO] Exclude Parameters ................................. SUCCESS [ 6.868 s]
[INFO] File upload ........................................ SUCCESS [ 6.746 s]
[INFO] Form Processing .................................... SUCCESS [ 6.364 s]
[INFO] Form Tags .......................................... SUCCESS [ 6.620 s]
[INFO] Form validation .................................... SUCCESS [ 6.645 s]
[INFO] XML based form validation .......................... SUCCESS [ 6.659 s]
[INFO] Hello World Struts 2 Example Application ........... SUCCESS [ 6.815 s]
[INFO] Http Session ....................................... SUCCESS [ 6.465 s]
[INFO] Struts 2 Interceptors .............................. SUCCESS [ 6.684 s]
[INFO] JSON produce/consume ............................... SUCCESS [ 6.830 s]
[INFO] Customized JSON produce ............................ SUCCESS [ 6.874 s]
[INFO] Struts 2 Mail Reader Webapp ........................ SUCCESS [ 9.076 s]
[INFO] Message resource ................................... SUCCESS [ 7.159 s]
[INFO] Message Store ...................................... SUCCESS [ 6.457 s]
[INFO] Portlet Webapp ..................................... FAILURE [ 24.940 s]
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 04:28 min
[INFO] Finished at: 2021-11-01T05:51:38Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.3.1:check (default) on project portlet:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] velocity-1.7.jar: CVE-2020-13936
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :portlet
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-examples-JDK8-dependency-check #55
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/55/display/redirect?page=changes>
Changes:
[github] Bump jackson.version from 2.12.5 to 2.13.0
------------------------------------------
[...truncated 101.13 KB...]
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (4 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-resource/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Message resource:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
See the dependency-check report for more details.
[INFO]
[INFO] ------------------< org.apache.struts:message-store >-------------------
[INFO] Building Message Store 1.1.0 [25/43]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ message-store ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ message-store ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ message-store ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ message-store ---
[INFO] Packaging webapp
[INFO] Assembling webapp [message-store] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/target/message-store-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/src/main/webapp]>
[INFO] Webapp assembled in [51 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/target/message-store-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.3.1:check (default) @ message-store ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (69 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (3 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Message Store:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
See the dependency-check report for more details.
[INFO]
[INFO] ---------------------< org.apache.struts:portlet >----------------------
[INFO] Building Portlet Webapp 1.1.0 [26/43]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 18 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ portlet ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ portlet ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ portlet ---
[INFO] Surefire report directory: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/surefire-reports>
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Results :
Tests run: 0, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ portlet ---
[INFO] Packaging webapp
[INFO] Assembling webapp [portlet] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/portlet-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/src/main/webapp]>
[INFO] Webapp assembled in [294 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/portlet-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.3.1:check (default) @ portlet ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (60 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (10 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (5 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (2 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (18 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Portlet Webapp:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
spring-aop-4.3.26.RELEASE.jar (pkg:maven/org.springframework/spring-aop@4.3.26.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.3.26:release:*:*:*:*:*:*) : CVE-2020-5421
spring-core-4.3.26.RELEASE.jar (pkg:maven/org.springframework/spring-core@4.3.26.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:4.3.26:release:*:*:*:*:*:*) : CVE-2020-5421
velocity-1.7.jar (pkg:maven/org.apache.velocity/velocity@1.7, cpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*) : CVE-2020-13936
velocity-tools-2.0.jar (pkg:maven/org.apache.velocity/velocity-tools@2.0, cpe:2.3:a:apache:velocity_tools:2.0:*:*:*:*:*:*:*) : CVE-2020-13959
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ SUCCESS [01:06 min]
[INFO] Action chaining .................................... SUCCESS [ 9.833 s]
[INFO] Annotations with Convention Plugin ................. SUCCESS [ 7.656 s]
[INFO] Basic Struts2 Example .............................. SUCCESS [ 6.704 s]
[INFO] Bean Validation .................................... SUCCESS [ 9.572 s]
[INFO] Struts 2 Blank Webapp .............................. SUCCESS [ 10.424 s]
[INFO] Coding Struts 2 Action ............................. SUCCESS [ 6.727 s]
[INFO] Control Tags ....................................... SUCCESS [ 6.295 s]
[INFO] CRUD Example ....................................... SUCCESS [ 6.558 s]
[INFO] Debugging Struts ................................... SUCCESS [ 7.072 s]
[INFO] Exception handling ................................. SUCCESS [ 6.673 s]
[INFO] Exclude Parameters ................................. SUCCESS [ 6.404 s]
[INFO] File upload ........................................ SUCCESS [ 6.502 s]
[INFO] Form Processing .................................... SUCCESS [ 6.421 s]
[INFO] Form Tags .......................................... SUCCESS [ 6.476 s]
[INFO] Form validation .................................... SUCCESS [ 6.748 s]
[INFO] XML based form validation .......................... SUCCESS [ 6.563 s]
[INFO] Hello World Struts 2 Example Application ........... SUCCESS [ 6.522 s]
[INFO] Http Session ....................................... SUCCESS [ 6.370 s]
[INFO] Struts 2 Interceptors .............................. SUCCESS [ 6.339 s]
[INFO] JSON produce/consume ............................... SUCCESS [ 6.853 s]
[INFO] Customized JSON produce ............................ SUCCESS [ 6.927 s]
[INFO] Struts 2 Mail Reader Webapp ........................ SUCCESS [ 9.857 s]
[INFO] Message resource ................................... SUCCESS [ 6.275 s]
[INFO] Message Store ...................................... SUCCESS [ 6.800 s]
[INFO] Portlet Webapp ..................................... FAILURE [ 24.646 s]
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 04:24 min
[INFO] Finished at: 2021-10-29T05:51:44Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.3.1:check (default) on project portlet:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] velocity-1.7.jar: CVE-2020-13936
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :portlet
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-examples-JDK8-dependency-check #54
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/54/display/redirect>
Changes:
------------------------------------------
[...truncated 101.16 KB...]
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-resource/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Message resource:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
See the dependency-check report for more details.
[INFO]
[INFO] ------------------< org.apache.struts:message-store >-------------------
[INFO] Building Message Store 1.1.0 [25/43]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ message-store ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ message-store ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ message-store ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ message-store ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ message-store ---
[INFO] Packaging webapp
[INFO] Assembling webapp [message-store] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/target/message-store-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/src/main/webapp]>
[INFO] Webapp assembled in [40 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/target/message-store-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.3.1:check (default) @ message-store ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (57 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (3 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (4 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/message-store/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Message Store:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
See the dependency-check report for more details.
[INFO]
[INFO] ---------------------< org.apache.struts:portlet >----------------------
[INFO] Building Portlet Webapp 1.1.0 [26/43]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 18 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ portlet ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ portlet ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ portlet ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ portlet ---
[INFO] Surefire report directory: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/surefire-reports>
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Results :
Tests run: 0, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ portlet ---
[INFO] Packaging webapp
[INFO] Assembling webapp [portlet] in [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/portlet-1.1.0]>
[INFO] Processing war project
[INFO] Copying webapp resources [<https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/src/main/webapp]>
[INFO] Webapp assembled in [131 msecs]
[INFO] Building war: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/portlet-1.1.0.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:6.3.1:check (default) @ portlet ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (56 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (10 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (5 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (2 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (19 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-JDK8-dependency-check/ws/portlet/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Portlet Webapp:
commons-io-2.6.jar (pkg:maven/commons-io/commons-io@2.6, cpe:2.3:a:apache:commons_io:2.6:*:*:*:*:*:*:*) : CVE-2021-29425
spring-aop-4.3.26.RELEASE.jar (pkg:maven/org.springframework/spring-aop@4.3.26.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.3.26:release:*:*:*:*:*:*) : CVE-2020-5421
spring-core-4.3.26.RELEASE.jar (pkg:maven/org.springframework/spring-core@4.3.26.RELEASE, cpe:2.3:a:pivotal_software:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:4.3.26:release:*:*:*:*:*:*, cpe:2.3:a:vmware:springsource_spring_framework:4.3.26:release:*:*:*:*:*:*) : CVE-2020-5421
velocity-1.7.jar (pkg:maven/org.apache.velocity/velocity@1.7, cpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*) : CVE-2020-13936
velocity-tools-2.0.jar (pkg:maven/org.apache.velocity/velocity-tools@2.0, cpe:2.3:a:apache:velocity_tools:2.0:*:*:*:*:*:*:*) : CVE-2020-13959
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.1.0 ............................ SUCCESS [01:07 min]
[INFO] Action chaining .................................... SUCCESS [ 9.807 s]
[INFO] Annotations with Convention Plugin ................. SUCCESS [ 7.738 s]
[INFO] Basic Struts2 Example .............................. SUCCESS [ 6.840 s]
[INFO] Bean Validation .................................... SUCCESS [ 7.974 s]
[INFO] Struts 2 Blank Webapp .............................. SUCCESS [ 10.001 s]
[INFO] Coding Struts 2 Action ............................. SUCCESS [ 6.769 s]
[INFO] Control Tags ....................................... SUCCESS [ 6.497 s]
[INFO] CRUD Example ....................................... SUCCESS [ 6.825 s]
[INFO] Debugging Struts ................................... SUCCESS [ 6.924 s]
[INFO] Exception handling ................................. SUCCESS [ 6.166 s]
[INFO] Exclude Parameters ................................. SUCCESS [ 7.222 s]
[INFO] File upload ........................................ SUCCESS [ 6.491 s]
[INFO] Form Processing .................................... SUCCESS [ 6.357 s]
[INFO] Form Tags .......................................... SUCCESS [ 6.596 s]
[INFO] Form validation .................................... SUCCESS [ 6.407 s]
[INFO] XML based form validation .......................... SUCCESS [ 6.263 s]
[INFO] Hello World Struts 2 Example Application ........... SUCCESS [ 6.400 s]
[INFO] Http Session ....................................... SUCCESS [ 6.623 s]
[INFO] Struts 2 Interceptors .............................. SUCCESS [ 6.486 s]
[INFO] JSON produce/consume ............................... SUCCESS [ 6.657 s]
[INFO] Customized JSON produce ............................ SUCCESS [ 7.442 s]
[INFO] Struts 2 Mail Reader Webapp ........................ SUCCESS [ 8.785 s]
[INFO] Message resource ................................... SUCCESS [ 6.693 s]
[INFO] Message Store ...................................... SUCCESS [ 6.370 s]
[INFO] Portlet Webapp ..................................... FAILURE [ 23.548 s]
[INFO] Preparable Interface ............................... SKIPPED
[INFO] Struts 2 Quarkus ................................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Unknown handler .................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1.1.0 .............. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 04:22 min
[INFO] Finished at: 2021-10-01T05:51:34Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.3.1:check (default) on project portlet:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] velocity-1.7.jar: CVE-2020-13936
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :portlet
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org