You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@nutch.apache.org by Apache Jenkins Server <je...@builds.apache.org> on 2023/11/03 06:12:57 UTC

Build failed in Jenkins: Nutch » Nutch-trunk #137

See <https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/137/display/redirect>

Changes:


------------------------------------------
[...truncated 1.65 MB...]
[dependency-check] Download Complete for NVD CVE - 2008  (694 ms)
[dependency-check] Processing Started for NVD CVE - 2008
[dependency-check] Processing Complete for NVD CVE - 2007  (6084 ms)
[dependency-check] Download Started for NVD CVE - 2009
[dependency-check] Download Complete for NVD CVE - 2009  (690 ms)
[dependency-check] Processing Started for NVD CVE - 2009
[dependency-check] Processing Complete for NVD CVE - 2008  (8145 ms)
[dependency-check] Download Started for NVD CVE - 2010
[dependency-check] Download Complete for NVD CVE - 2010  (701 ms)
[dependency-check] Processing Started for NVD CVE - 2010
[dependency-check] Processing Complete for NVD CVE - 2009  (8536 ms)
[dependency-check] Download Started for NVD CVE - 2011
[dependency-check] Download Complete for NVD CVE - 2011  (692 ms)
[dependency-check] Processing Started for NVD CVE - 2011
[dependency-check] Download Started for NVD CVE - 2012
[dependency-check] Download Complete for NVD CVE - 2012  (677 ms)
[dependency-check] Processing Started for NVD CVE - 2012
[dependency-check] Processing Complete for NVD CVE - 2010  (9935 ms)
[dependency-check] Download Started for NVD CVE - 2013
[dependency-check] Download Complete for NVD CVE - 2013  (697 ms)
[dependency-check] Processing Started for NVD CVE - 2013
[dependency-check] Processing Complete for NVD CVE - 2011  (11115 ms)
[dependency-check] Download Started for NVD CVE - 2014
[dependency-check] Download Complete for NVD CVE - 2014  (705 ms)
[dependency-check] Processing Started for NVD CVE - 2014
[dependency-check] Download Started for NVD CVE - 2015
[dependency-check] Processing Complete for NVD CVE - 2012  (13664 ms)
[dependency-check] Download Complete for NVD CVE - 2015  (701 ms)
[dependency-check] Processing Started for NVD CVE - 2015
[dependency-check] Download Started for NVD CVE - 2016
[dependency-check] Processing Complete for NVD CVE - 2013  (13794 ms)
[dependency-check] Download Complete for NVD CVE - 2016  (710 ms)
[dependency-check] Processing Started for NVD CVE - 2016
[dependency-check] Processing Complete for NVD CVE - 2014  (10818 ms)
[dependency-check] Processing Complete for NVD CVE - 2015  (8273 ms)
[dependency-check] Download Started for NVD CVE - 2017
[dependency-check] Download Complete for NVD CVE - 2017  (767 ms)
[dependency-check] Processing Started for NVD CVE - 2017
[dependency-check] Download Started for NVD CVE - 2018
[dependency-check] Download Complete for NVD CVE - 2018  (782 ms)
[dependency-check] Processing Started for NVD CVE - 2018
[dependency-check] Processing Complete for NVD CVE - 2016  (10135 ms)
[dependency-check] Download Started for NVD CVE - 2019
[dependency-check] Download Complete for NVD CVE - 2019  (757 ms)
[dependency-check] Processing Started for NVD CVE - 2019
[dependency-check] Download Started for NVD CVE - 2020
[dependency-check] Download Complete for NVD CVE - 2020  (774 ms)
[dependency-check] Processing Started for NVD CVE - 2020
[dependency-check] Processing Complete for NVD CVE - 2017  (15155 ms)
[dependency-check] Download Started for NVD CVE - 2021
[dependency-check] Download Complete for NVD CVE - 2021  (813 ms)
[dependency-check] Processing Started for NVD CVE - 2021
[dependency-check] Processing Complete for NVD CVE - 2018  (14616 ms)
[dependency-check] Download Started for NVD CVE - 2022
[dependency-check] Download Complete for NVD CVE - 2022  (806 ms)
[dependency-check] Processing Started for NVD CVE - 2022
[dependency-check] Processing Complete for NVD CVE - 2019  (15095 ms)
[dependency-check] Processing Complete for NVD CVE - 2020  (12844 ms)
[dependency-check] Download Started for NVD CVE - 2023
[dependency-check] Download Complete for NVD CVE - 2023  (769 ms)
[dependency-check] Processing Started for NVD CVE - 2023
[dependency-check] Processing Complete for NVD CVE - 2021  (15215 ms)
[dependency-check] Processing Complete for NVD CVE - 2022  (15501 ms)
[dependency-check] Processing Complete for NVD CVE - 2023  (11839 ms)
[dependency-check] Download Started for NVD CVE - Modified
[dependency-check] Download Complete for NVD CVE - Modified  (612 ms)
[dependency-check] Processing Started for NVD CVE - Modified
[dependency-check] Processing Complete for NVD CVE - Modified  (3356 ms)
[dependency-check] Begin database maintenance
[dependency-check] Updated the CPE ecosystem on 136591 NVD records
[dependency-check] Removed the CPE ecosystem on 3906 NVD records
[dependency-check] Cleaned up 2 orphaned NVD records
[dependency-check] End database maintenance (17146 ms)
[dependency-check] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
[dependency-check] Begin database defrag
[dependency-check] End database defrag (32242 ms)
[dependency-check] Check for updates complete (174777 ms)
[dependency-check] 
[dependency-check] 
[dependency-check] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
[dependency-check] 
[dependency-check] 
[dependency-check]    About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
[dependency-check]    False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
[dependency-check] 
[dependency-check] ? Sponsor: https://github.com/sponsors/jeremylong
[dependency-check] Analysis Started
[dependency-check] Finished Archive Analyzer (10 seconds)
[dependency-check] Finished File Name Analyzer (0 seconds)
[dependency-check] Finished Jar Analyzer (2 seconds)
[dependency-check] Finished Central Analyzer (111 seconds)
[dependency-check] Finished Dependency Merging Analyzer (0 seconds)
[dependency-check] Finished Hint Analyzer (0 seconds)
[dependency-check] Finished Version Filter Analyzer (0 seconds)
[dependency-check] Created CPE Index (18 seconds)
[dependency-check] Finished CPE Analyzer (37 seconds)
[dependency-check] Finished False Positive Analyzer (0 seconds)
[dependency-check] Finished NVD CVE Analyzer (1 seconds)
[dependency-check] Finished RetireJS Analyzer (3 seconds)
[dependency-check] Finished Sonatype OSS Index Analyzer (25 seconds)
[dependency-check] Finished Vulnerability Suppression Analyzer (0 seconds)
[dependency-check] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[dependency-check] Finished Dependency Bundling Analyzer (2 seconds)
[dependency-check] Finished Unused Suppression Rule Analyzer (0 seconds)
[dependency-check] Analysis Complete (205 seconds)
[dependency-check] Writing report to: <https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/ws/ivy/dependency-check-ant/dependency-check-report.xml>
[dependency-check] Writing report to: <https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/ws/ivy/dependency-check-ant/dependency-check-report.html>
[dependency-check] Writing report to: <https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/ws/ivy/dependency-check-ant/dependency-check-report.json>
[dependency-check] Writing report to: <https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/ws/ivy/dependency-check-ant/dependency-check-report.csv>
[dependency-check] Writing report to: <https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/ws/ivy/dependency-check-ant/dependency-check-report.sarif>
[dependency-check] Writing report to: <https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/ws/ivy/dependency-check-ant/dependency-check-jenkins.html>
[dependency-check] Writing report to: <https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/ws/ivy/dependency-check-ant/dependency-check-junit.xml>
[dependency-check] Element event queue destroyed: {0}
[dependency-check] In DISPOSE, [{0}] fromRemote [{1}]
[dependency-check] In DISPOSE, [{0}] auxiliary [{1}]
[dependency-check] In DISPOSE, [{0}] put {1} into auxiliary [{2}]
[dependency-check] In dispose, destroying event queue.
[dependency-check] Cache event queue destroyed: {0}
[dependency-check] {0}: Saving keys to: {1}, key count: {2}
[dependency-check] {0}: Finished saving keys.
[dependency-check] {0}: Shutdown complete.
[dependency-check] In DISPOSE, [{0}] disposing of memory cache.
[dependency-check] Memory Cache dispose called.
[dependency-check] In DISPOSE, [{0}] fromRemote [{1}]
[dependency-check] In DISPOSE, [{0}] auxiliary [{1}]
[dependency-check] In DISPOSE, [{0}] put {1} into auxiliary [{2}]
[dependency-check] In dispose, destroying event queue.
[dependency-check] Cache event queue destroyed: {0}
[dependency-check] {0}: Saving keys to: {1}, key count: {2}
[dependency-check] {0}: Finished saving keys.
[dependency-check] {0}: Shutdown complete.
[dependency-check] In DISPOSE, [{0}] disposing of memory cache.
[dependency-check] Memory Cache dispose called.
[dependency-check] In DISPOSE, [{0}] fromRemote [{1}]
[dependency-check] In DISPOSE, [{0}] auxiliary [{1}]
[dependency-check] In DISPOSE, [{0}] put {1} into auxiliary [{2}]
[dependency-check] In dispose, destroying event queue.
[dependency-check] Cache event queue destroyed: {0}
[dependency-check] {0}: Saving keys to: {1}, key count: {2}
[dependency-check] {0}: Finished saving keys.
[dependency-check] {0}: Shutdown complete.
[dependency-check] In DISPOSE, [{0}] disposing of memory cache.
[dependency-check] Memory Cache dispose called.
[dependency-check] In dispose, destroying event queue.
[dependency-check] {0}: Not alive and dispose was called, filename: {1}
[dependency-check] In dispose, destroying event queue.
[dependency-check] {0}: Not alive and dispose was called, filename: {1}
[dependency-check] In dispose, destroying event queue.
[dependency-check] {0}: Not alive and dispose was called, filename: {1}

BUILD FAILED
<https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/ws/build.xml>:651: 

Dependency-Check Failure:
One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '1.0': 
aggs-matrix-stats-client-7.13.2.jar: CVE-2021-22144, CVE-2021-22145, CVE-2021-22147
amqp-client-5.2.0.jar: CVE-2018-11087, CVE-2023-46120
avro-1.7.7.jar: CVE-2023-39410
aws-java-sdk-core-1.10.0.jar: CVE-2022-31159
commons-compress-1.23.0.jar: CVE-2023-42503
commons-httpclient-3.1.jar: CVE-2020-13956, CVE-2012-5783
commons-net-1.2.2.jar: CVE-2021-37533
commons-net-3.8.0.jar: CVE-2021-37533
connect-api-1.1.0.jar: CVE-2018-17196
cxf-core-3.5.3.jar: CVE-2022-46363, CVE-2022-46364
elasticsearch-7.13.2.jar: CVE-2021-22144, CVE-2021-22145, CVE-2021-22147, CVE-2023-31419, CVE-2023-31418
elasticsearch-core-7.13.2.jar: CVE-2021-22144, CVE-2021-22145, CVE-2021-22147
gson-2.8.4.jar: CVE-2022-25647
guava-31.1-jre.jar: CVE-2020-8908, CVE-2023-2976
hadoop-shaded-guava-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml: CVE-2020-8908, CVE-2023-2976
hadoop-shaded-protobuf_3_7-1.1.1.jar/META-INF/maven/com.google.protobuf/protobuf-java/pom.xml: CVE-2022-3171, CVE-2022-3509, CVE-2021-22569
hadoop-yarn-common-3.3.6.jar: jquery.dataTables.min.js: possible XSS, CVE-2021-23445, CVE-2020-28458, prototype pollution
htmlunit-core-js-2.67.0.jar: CVE-2023-26119, CVE-2023-2798
htmlunit-cssparser-1.12.0.jar: CVE-2023-26119, CVE-2020-5529, CVE-2023-2798, CVE-2022-28366, CVE-2022-29546
htmlunit-driver-4.7.0.jar: CVE-2023-5590
http2-client-9.4.44.v20210927.jar: CVE-2023-44487, CVE-2022-2047, CVE-2023-26048, CVE-2023-36478, CVE-2022-2048, CVE-2023-26049, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900
http2-hpack-9.4.44.v20210927.jar: CVE-2023-36478
httpclient-4.3.6.jar: CVE-2020-13956
httpclient-4.5.10.jar: CVE-2020-13956
indexer-opensearch-1x.jar: CVE-2021-23901
jackson-annotations-2.5.0.jar: CVE-2018-1000873
jackson-annotations-2.9.0.jar: CVE-2018-1000873
jackson-core-2.5.3.jar: CVE-2018-1000873
jackson-core-2.9.4.jar: CVE-2018-1000873
jackson-databind-2.15.2.jar: CVE-2023-35116
jackson-databind-2.5.3.jar: CVE-2017-17485, CVE-2020-9547, CVE-2018-12022, CVE-2018-5968, CVE-2020-9548, CVE-2019-14379, CVE-2020-36180, CVE-2020-24616, CVE-2020-36182, CVE-2019-14439, CVE-2020-36181, CVE-2020-35491, CVE-2020-36184, CVE-2020-35490, CVE-2020-36183, CVE-2019-12814, CVE-2019-20330, CVE-2020-24750, CVE-2020-10673, CVE-2018-11307, CVE-2018-14718, CVE-2018-1000873, CVE-2018-7489, CVE-2018-14719, CVE-2020-36186, CVE-2019-17531, CVE-2020-36185, CVE-2020-36188, CVE-2020-36187, CVE-2020-10650, CVE-2020-36189, CVE-2019-12086, CVE-2019-14540, CVE-2019-12384, CVE-2023-35116, CVE-2017-15095, CVE-2019-16942, CVE-2019-16943, CVE-2021-20190, CVE-2017-7525, CVE-2020-36518, CVE-2019-17267, CVE-2019-16335, CVE-2020-36179, CVE-2020-8840, CVE-2019-14892, CVE-2022-42003, CVE-2022-42004
jackson-databind-2.9.4.jar: CVE-2020-24616, CVE-2019-14439, CVE-2020-10969, CVE-2020-11619, CVE-2019-12814, CVE-2020-10968, CVE-2020-11620, CVE-2018-11307, CVE-2018-1000873, CVE-2020-10650, CVE-2019-12384, CVE-2020-14060, CVE-2023-35116, CVE-2020-14061, CVE-2020-14062, CVE-2019-16942, CVE-2019-16943, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2020-11113, CVE-2020-36518, CVE-2020-11112, CVE-2019-14893, CVE-2020-11111, CVE-2020-8840, CVE-2019-14892, CVE-2022-42003, CVE-2022-42004, CVE-2020-9547, CVE-2018-12022, CVE-2020-9548, CVE-2018-12023, CVE-2019-14379, CVE-2020-36180, CVE-2020-14195, CVE-2020-36182, CVE-2020-36181, CVE-2020-25649, CVE-2020-35491, CVE-2020-36184, CVE-2020-35490, CVE-2020-36183, CVE-2020-35728, CVE-2019-20330, CVE-2020-24750, CVE-2020-10673, CVE-2018-14718, CVE-2018-7489, CVE-2018-14719, CVE-2020-36186, CVE-2019-17531, CVE-2020-36185, CVE-2020-36188, CVE-2020-36187, CVE-2020-10672, CVE-2020-36189, CVE-2019-12086, CVE-2019-14540, CVE-2020-9546, CVE-2021-20190, CVE-2019-17267, CVE-2019-16335, CVE-2018-14721, CVE-2020-36179, CVE-2018-14720
jackson-dataformat-cbor-2.10.4.jar: CVE-2020-28491
jackson-mapper-asl-1.9.13.jar: CVE-2017-7525, CVE-2019-10172
jdom-1.1.jar: CVE-2021-33813
jdom-2.0.2.jar: CVE-2021-33813
jetty-continuation-9.4.48.v20220622.jar: CVE-2023-44487, CVE-2023-26048, CVE-2023-36478, CVE-2023-26049, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900
jetty-io-9.4.44.v20210927.jar: CVE-2023-44487, CVE-2022-2047, CVE-2023-26048, CVE-2023-36478, CVE-2022-2048, CVE-2023-26049, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900
jetty-io-9.4.49.v20220914.jar: CVE-2023-44487, CVE-2023-26048, CVE-2023-36478, CVE-2023-26049, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900
jetty-io-9.4.51.v20230217.jar: CVE-2023-44487, CVE-2023-36478, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900
jetty-server-9.4.51.v20230217.jar: CVE-2023-44487, CVE-2023-36478, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900
jsoup-1.8.1.jar: CVE-2015-6748, CVE-2022-36033, CVE-2021-37714
kafka-clients-1.1.0.jar: CVE-2021-38153, CVE-2018-17196, CVE-2023-25194
kafka_2.12-1.1.0.jar: CVE-2018-17196
kerb-server-1.0.1.jar: CVE-2023-25613
kerby-xdr-1.0.1.jar: CVE-2023-25613
kotlin-stdlib-1.4.10.jar: CVE-2020-29582, CVE-2022-24329
kotlin-stdlib-jdk7-1.4.10.jar: CVE-2020-29582, CVE-2022-24329
lang-mustache-client-7.13.2.jar: CVE-2021-22144, CVE-2021-22145, CVE-2021-22147
mapper-extras-client-7.13.2.jar: CVE-2021-22144, CVE-2021-22145, CVE-2021-22147
neko-htmlunit-2.67.0.jar: CVE-2023-26119, CVE-2023-2798
nekohtml-1.9.19.jar: CVE-2022-24839
netty-3.10.6.Final.jar: CVE-2021-43797, CVE-2019-16869, CVE-2021-37136, CVE-2021-37137, CVE-2019-20445, CVE-2019-20444, CVE-2021-21295, CVE-2023-34462, CVE-2021-21290, CVE-2023-44487, CVE-2020-11612, CVE-2022-24823, CVE-2022-41881, CVE-2021-21409
netty-codec-4.1.68.Final.jar: CVE-2021-43797, CVE-2023-4586, CVE-2023-44487, CVE-2022-41915, CVE-2022-24823, CVE-2022-41881, CVE-2023-34462
netty-codec-socks-4.1.60.Final.jar: CVE-2021-43797, CVE-2023-4586, CVE-2023-44487, CVE-2021-37136, CVE-2021-37137, CVE-2022-24823, CVE-2022-41881, CVE-2021-21409, CVE-2023-34462
netty-transport-4.1.68.Final.jar: CVE-2021-43797, CVE-2023-4586, CVE-2023-44487, CVE-2022-24823, CVE-2022-41881, CVE-2023-34462
netty-transport-4.1.84.Final.jar: CVE-2023-4586, CVE-2023-44487, CVE-2022-41915, CVE-2022-41881, CVE-2023-34462
netty-transport-4.1.89.Final.jar: CVE-2023-4586, CVE-2023-44487, CVE-2023-34462
nimbus-jose-jwt-9.8.1.jar/META-INF/maven/net.minidev/json-smart/pom.xml: CVE-2023-1370, CVE-2021-31684
okhttp-brotli-4.9.3.jar: CVE-2023-3782
okio-2.8.0.jar: CVE-2023-3635
parent-join-client-7.13.2.jar: CVE-2021-22144, CVE-2021-22145, CVE-2021-22147
protobuf-java-2.5.0.jar: CVE-2022-3171, CVE-2022-3509, CVE-2021-22569
rank-eval-client-7.13.2.jar: CVE-2021-22144, CVE-2021-22145, CVE-2021-22147
selenium-api-4.7.2.jar: CVE-2023-5590
snakeyaml-1.26.jar: CVE-2022-38752, CVE-2022-38751, CVE-2022-38750, CVE-2022-41854, CVE-2022-25857, CVE-2022-38749, CVE-2022-1471
snakeyaml-1.32.jar: CVE-2022-1471
snappy-java-1.1.7.1.jar: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453, CVE-2023-43642
snappy-java-1.1.7.6.jar: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453, CVE-2023-43642
snappy-java-1.1.8.2.jar: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453, CVE-2023-43642
solr-solrj-8.11.2.jar: CVE-2023-44487
tika-langdetect-optimaize-shaded-2.9.0.0.jar/META-INF/maven/com.google.guava/guava/pom.xml: CVE-2020-8908, CVE-2018-10237, CVE-2023-2976
token-provider-1.0.1.jar: CVE-2023-25613
websocket-client-9.4.49.v20220914.jar: CVE-2023-44487, CVE-2023-26048, CVE-2023-36478, CVE-2023-26049, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900
websocket-client-9.4.51.v20230217.jar: CVE-2023-44487, CVE-2023-36478, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900
websocket-common-9.4.49.v20220914.jar: CVE-2023-44487, CVE-2023-26048, CVE-2023-36478, CVE-2023-26049, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900
websocket-common-9.4.51.v20230217.jar: CVE-2023-44487, CVE-2023-36478, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900
woodstox-core-6.2.4.jar: CVE-2022-40152
woodstox-core-6.2.8.jar: CVE-2022-40152
xercesImpl-2.11.0.jar: CVE-2018-2799, CVE-2012-0881, CVE-2017-10355, CVE-2022-23437, CVE-2013-4002
xercesImpl-2.12.2.jar: CVE-2017-10355
zookeeper-3.4.10.jar: CVE-2023-44981, CVE-2019-0201
zookeeper-3.6.2.jar: CVE-2023-44981
zookeeper-3.6.3.jar: CVE-2023-44981
See the dependency-check report for more details.



Total time: 31 minutes 5 seconds
Build step 'Invoke Ant' marked build as failure
Publishing Javadoc
Recording test results
[Checks API] No suitable checks publisher found.
Not sending mail to unregistered user github@hugo-hirsch.de

Jenkins build is back to normal : Nutch » Nutch-trunk #138

Posted by Apache Jenkins Server <je...@builds.apache.org>.

See <https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/138/display/redirect>