Posted to dev@tika.apache.org by "Tilman Hausherr (Jira)" <ji...@apache.org> on 2022/08/20 04:20:00 UTC

[jira] [Closed] (TIKA-3838) Failure when building Tika 2.4.1 due to ossindex-maven-plugin warning

     [ https://issues.apache.org/jira/browse/TIKA-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tilman Hausherr closed TIKA-3838.
---------------------------------
    Resolution: Not A Bug

Closing this because it's not a bug. You can still comment; don't hesitate to ask if you still have problems with the build. There have been many version updates since the last release.

> Failure when building Tika 2.4.1 due to ossindex-maven-plugin warning
> ---------------------------------------------------------------------
>
>                 Key: TIKA-3838
>                 URL: https://issues.apache.org/jira/browse/TIKA-3838
>             Project: Tika
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 2.4.1
>            Reporter: Bill Sterns
>            Priority: Major
>
> I'm getting a failure when building Tika 2.4.1 due to a vulnerability warning. The build fails when building tika-transcribe-aws.
>  
> I downloaded tika-2.4.1-src.zip, extracted the contents, then ran "mvn clean install -Dmaven.wagon.http.ssl.insecure=true -DskipTests" to build Tika. The failure is below:
>  
> [INFO] ----------------< org.apache.tika:tika-transcribe-aws >-----------------
> [INFO] Building Apache Tika transcribe aws 2.4.1                         [1/52]
> [INFO] -------------------------------[ bundle ]-------------------------------
> [INFO]
> [INFO] --- ossindex-maven-plugin:3.2.0:audit (audit-dependencies) @ tika-transcribe-aws ---
> [INFO] Checking for vulnerabilities; 26 artifacts
> [INFO] Exclude coordinates: [com.ibm.icu:icu4j:62.2, com.google.guava:guava:31.1-jre, org.apache.lucene:lucene-queryparser:4.0.0, com.drewnoakes:metadata-extractor:2.18.0, io.netty:netty-handler:4.1.77.Final, log4j:log4j:1.2.17, xerces:xercesImpl:2.12.2, com.h2database:h2:2.1.212, commons-dbcp:commons-dbcp:1.4]
> [INFO] Exclude vulnerability identifiers: []
> [INFO] CVSS-score threshold: 0.0
> [INFO] ------------------------------------------------------------------------
> [INFO] Reactor Summary for Apache Tika 2.4.1:
> [INFO] Apache Tika transcribe aws ......................... FAILURE [  0.814 s]
> ...
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD FAILURE
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time:  3.645 s
> [INFO] Finished at: 2022-08-17T16:52:44-05:00
> [INFO] ------------------------------------------------------------------------
> [ERROR] Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (audit-dependencies) on project tika-transcribe-aws: Detected 1 vulnerable components:
> [ERROR]   com.amazonaws:aws-java-sdk-s3:jar:1.12.237:compile; https://ossindex.sonatype.org/component/pkg:maven/com.amazonaws/aws-java-sdk-s3@1.12.237?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
> [ERROR]     * [CVE-2022-31159] CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (6.5); https://ossindex.sonatype.org/vulnerability/CVE-2022-31159?component-type=maven&component-name=com.amazonaws%2Faws-java-sdk-s3&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
> [ERROR]
> [ERROR] -> [Help 1]
> [ERROR]
> [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
> [ERROR] Re-run Maven using the -X switch to enable full debug logging.
> [ERROR]
> [ERROR] For more information about the errors and possible solutions, please read the following articles:
> [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException



--
This message was sent by Atlassian Jira
(v8.20.10#820010)