You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@struts.apache.org by Apache Jenkins Server <je...@builds.apache.org> on 2023/01/29 06:06:26 UTC
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #172
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/172/display/redirect?page=changes>
Changes:
[Lukasz Lenart] WW-5277 Upgrades Freemarker to version 2.3.32
[Lukasz Lenart] WW-5274 Marks the Pell multipart plugin as deprecated
[Lukasz Lenart] WW-5276 Cleans up also wrapper request to avoid resource leak and potential DoS attack
[Lukasz Lenart] WW-4404 Implements HttpInterceptor
------------------------------------------
[...truncated 1.17 MB...]
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO]
[INFO] ---------------< org.apache.struts:struts2-oval-plugin >----------------
[INFO] Building DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 6.2.0-SNAPSHOT [23/38]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-remote-resources-plugin:1.6.0:process (process-resource-bundles) @ struts2-oval-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 4 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java> uses or overrides a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: Recompile with -Xlint:deprecation for details.
[INFO]
[INFO] --- maven-bundle-plugin:5.1.6:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 17 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/test-classes>
[INFO]
[INFO] --- maven-surefire-plugin:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Jan 29, 2023 6:06:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@44ebcd03
Jan 29, 2023 6:06:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31f9b85e
Jan 29, 2023 6:06:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6631f5ca
Jan 29, 2023 6:06:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@2d52216b
Jan 29, 2023 6:06:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5b247367
Jan 29, 2023 6:06:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@14bdbc74
Jan 29, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@19976a65
Jan 29, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@2a225dd7
Jan 29, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@242aa8d9
Jan 29, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4e517165
Jan 29, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6c67e137
Jan 29, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4a067c25
Jan 29, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@64f857e7
Jan 29, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6d1310f6
Jan 29, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@2bffa76d
Jan 29, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@7f4d9395
Jan 29, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@48e7b3d2
Jan 29, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@7a26928a
Jan 29, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@15723761
Jan 29, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@30135202
Jan 29, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@7a24eb3
Jan 29, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@7a24eb3
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.261 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat-plugin:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- maven-jar-plugin:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> maven-source-plugin:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< maven-source-plugin:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- maven-source-plugin:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- maven-site-plugin:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check-maven:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (39 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.4.jar (pkg:maven/commons-fileupload/commons-fileupload@1.4, cpe:2.3:a:apache:commons_fileupload:1.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.2.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 1.670 s]
[INFO] Struts 2 ........................................... SUCCESS [01:03 min]
[INFO] Struts 2 Core ...................................... SUCCESS [01:52 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 3.444 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 3.882 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 7.039 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 5.260 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 9.292 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.398 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 11.620 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.374 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 9.682 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 4.629 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 8.771 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 4.687 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 7.443 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 8.007 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 9.150 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 3.851 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 4.830 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 10.135 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 6.212 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 6.167 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:09 min
[INFO] Finished at: 2023-01-29T06:06:24Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-dependency-check #205
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/205/display/redirect?page=changes>
Changes:
[Lukasz Lenart] WW-5401 Improves logging around wrapping request and detecting multipart request
[github] WW-5401 Fixes typo
[github] WW-5401 Uses same message approach
[git] WW-5364 Fix potential NPE in XmlDocConfigurationProvider
------------------------------------------
[...truncated 703.23 KB...]
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-spring-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-spring-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 9 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/com/opensymphony/xwork2/spring/SpringObjectFactory.java>: Some input files use or override a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/com/opensymphony/xwork2/spring/SpringObjectFactory.java>: Recompile with -Xlint:deprecation for details.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/org/apache/struts2/spring/ClassReloadingInstantiationStrategy.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/org/apache/struts2/spring/ClassReloadingInstantiationStrategy.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/org/apache/struts2/spring/ClassReloadingInstantiationStrategy.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-spring-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-spring-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-spring-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 17 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/test-classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java> uses or overrides a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java>: Recompile with -Xlint:deprecation for details.
[INFO]
[INFO] --- surefire:3.2.5:test (default-test) @ struts2-spring-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.spring.StrutsSpringObjectFactoryTest
06:46:38.859 [main] FATAL org.apache.struts2.spring.StrutsSpringObjectFactory - ********** FATAL ERROR STARTING UP STRUTS-SPRING INTEGRATION **********
Looks like the Spring listener was not configured for your web app!
Nothing will work until WebApplicationContextUtils returns a valid ApplicationContext.
You might need to add the following to web.xml:
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.770 s -- in org.apache.struts2.spring.StrutsSpringObjectFactoryTest
[INFO] Running com.test.SecurityMemberAccessProxyTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.619 s -- in com.test.SecurityMemberAccessProxyTest
[INFO] Running com.opensymphony.xwork2.ognl.SecurityMemberAccessProxyTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.472 s -- in com.opensymphony.xwork2.ognl.SecurityMemberAccessProxyTest
[INFO] Running com.opensymphony.xwork2.spring.SpringProxyUtilTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.602 s -- in com.opensymphony.xwork2.spring.SpringProxyUtilTest
[INFO] Running com.opensymphony.xwork2.spring.SpringObjectFactoryTest
Action class is: com.sun.proxy.$Proxy12
[INFO] Tests run: 23, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.400 s -- in com.opensymphony.xwork2.spring.SpringObjectFactoryTest
[INFO] Running com.opensymphony.xwork2.spring.ActionsFromSpringTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.094 s -- in com.opensymphony.xwork2.spring.ActionsFromSpringTest
[INFO] Running com.opensymphony.xwork2.spring.interceptor.ActionAutowiringInterceptorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.091 s -- in com.opensymphony.xwork2.spring.interceptor.ActionAutowiringInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 43, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-spring-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 34 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 33 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-spring-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/struts2-spring-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-spring-plugin >>>
[INFO]
[INFO] --- enforcer:3.4.1:enforce (enforce) @ struts2-spring-plugin ---
[INFO] Rule 0: org.apache.maven.enforcer.rules.dependency.DependencyConvergence passed
[INFO]
[INFO] --- enforcer:3.4.1:enforce (enforce-maven-version) @ struts2-spring-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-spring-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-spring-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/struts2-spring-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.12.1:attach-descriptor (attach-descriptor) @ struts2-spring-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-spring-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (48 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:plexus-utils_project:plexus-utils, regex=false, caseSensitive=false},}cve={CVE-2022-4244,CVE-2022-4245,CVE-2017-1000487,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus\/plexus\-container\-default@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:plexus-utils_project:plexus-utils, regex=false, caseSensitive=false},}cve={CVE-2022-4244,CVE-2022-4245,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2 Spring Plugin:
spring-web-5.3.31.jar (pkg:maven/org.springframework/spring-web@5.3.31, cpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:*, cpe:2.3:a:web_project:web:5.3.31:*:*:*:*:*:*:*) : CVE-2024-22243
See the dependency-check report for more details.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [04:51 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.758 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:03 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.748 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 4.153 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 7.488 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 5.275 s]
[INFO] Struts 2 Spring Plugin ............................. FAILURE [ 12.143 s]
[INFO] Struts 2 JUnit Plugin .............................. SKIPPED
[INFO] Struts 2 Velocity Plugin ........................... SKIPPED
[INFO] Struts 2 Configuration Browser Plugin .............. SKIPPED
[INFO] Struts 2 Convention Plugin ......................... SKIPPED
[INFO] Struts 2 DWR Plugin ................................ SKIPPED
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SKIPPED
[INFO] Struts 2 Jasper Reports Plugin ..................... SKIPPED
[INFO] Struts 2 Java Templates Plugin ..................... SKIPPED
[INFO] Struts 2 JFreeChart Plugin ......................... SKIPPED
[INFO] Struts 2 JSON Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SKIPPED
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SKIPPED
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 07:31 min
[INFO] Finished at: 2024-03-22T06:46:49Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-spring-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] spring-web-5.3.31.jar: CVE-2024-22243(8.1)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-spring-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-dependency-check #204
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/204/display/redirect?page=changes>
Changes:
[github] Bump maven-surefire-plugin.version from 3.0.0-M7 to 3.2.5
------------------------------------------
[...truncated 686.28 KB...]
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-spring-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-spring-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 9 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/com/opensymphony/xwork2/spring/SpringObjectFactory.java>: Some input files use or override a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/com/opensymphony/xwork2/spring/SpringObjectFactory.java>: Recompile with -Xlint:deprecation for details.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/org/apache/struts2/spring/ClassReloadingInstantiationStrategy.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/org/apache/struts2/spring/ClassReloadingInstantiationStrategy.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/main/java/org/apache/struts2/spring/ClassReloadingInstantiationStrategy.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-spring-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-spring-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-spring-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 17 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/test-classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java> uses or overrides a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java>: Recompile with -Xlint:deprecation for details.
[INFO]
[INFO] --- surefire:3.2.5:test (default-test) @ struts2-spring-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.spring.StrutsSpringObjectFactoryTest
06:47:01.265 [main] FATAL org.apache.struts2.spring.StrutsSpringObjectFactory - ********** FATAL ERROR STARTING UP STRUTS-SPRING INTEGRATION **********
Looks like the Spring listener was not configured for your web app!
Nothing will work until WebApplicationContextUtils returns a valid ApplicationContext.
You might need to add the following to web.xml:
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.785 s -- in org.apache.struts2.spring.StrutsSpringObjectFactoryTest
[INFO] Running com.opensymphony.xwork2.ognl.SecurityMemberAccessProxyTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.766 s -- in com.opensymphony.xwork2.ognl.SecurityMemberAccessProxyTest
[INFO] Running com.opensymphony.xwork2.spring.ActionsFromSpringTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.777 s -- in com.opensymphony.xwork2.spring.ActionsFromSpringTest
[INFO] Running com.opensymphony.xwork2.spring.SpringObjectFactoryTest
Action class is: com.sun.proxy.$Proxy12
[INFO] Tests run: 23, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.166 s -- in com.opensymphony.xwork2.spring.SpringObjectFactoryTest
[INFO] Running com.opensymphony.xwork2.spring.SpringProxyUtilTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.520 s -- in com.opensymphony.xwork2.spring.SpringProxyUtilTest
[INFO] Running com.opensymphony.xwork2.spring.interceptor.ActionAutowiringInterceptorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.070 s -- in com.opensymphony.xwork2.spring.interceptor.ActionAutowiringInterceptorTest
[INFO] Running com.test.SecurityMemberAccessProxyTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.250 s -- in com.test.SecurityMemberAccessProxyTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 43, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-spring-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 34 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 33 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-spring-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/struts2-spring-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-spring-plugin >>>
[INFO]
[INFO] --- enforcer:3.4.1:enforce (enforce) @ struts2-spring-plugin ---
[INFO] Rule 0: org.apache.maven.enforcer.rules.dependency.DependencyConvergence passed
[INFO]
[INFO] --- enforcer:3.4.1:enforce (enforce-maven-version) @ struts2-spring-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-spring-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-spring-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/struts2-spring-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.12.1:attach-descriptor (attach-descriptor) @ struts2-spring-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-spring-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (29 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (1 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:plexus-utils_project:plexus-utils, regex=false, caseSensitive=false},}cve={CVE-2022-4244,CVE-2022-4245,CVE-2017-1000487,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus\/plexus\-container\-default@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:plexus-utils_project:plexus-utils, regex=false, caseSensitive=false},}cve={CVE-2022-4244,CVE-2022-4245,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (4 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/spring/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2 Spring Plugin:
spring-web-5.3.31.jar (pkg:maven/org.springframework/spring-web@5.3.31, cpe:2.3:a:pivotal_software:spring_framework:5.3.31:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:5.3.31:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:*, cpe:2.3:a:web_project:web:5.3.31:*:*:*:*:*:*:*) : CVE-2024-22243
See the dependency-check report for more details.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [04:47 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 3.379 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:24 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 3.032 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 4.534 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 8.507 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 6.252 s]
[INFO] Struts 2 Spring Plugin ............................. FAILURE [ 13.080 s]
[INFO] Struts 2 JUnit Plugin .............................. SKIPPED
[INFO] Struts 2 Velocity Plugin ........................... SKIPPED
[INFO] Struts 2 Configuration Browser Plugin .............. SKIPPED
[INFO] Struts 2 Convention Plugin ......................... SKIPPED
[INFO] Struts 2 DWR Plugin ................................ SKIPPED
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SKIPPED
[INFO] Struts 2 Jasper Reports Plugin ..................... SKIPPED
[INFO] Struts 2 Java Templates Plugin ..................... SKIPPED
[INFO] Struts 2 JFreeChart Plugin ......................... SKIPPED
[INFO] Struts 2 JSON Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SKIPPED
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SKIPPED
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 07:52 min
[INFO] Finished at: 2024-03-01T06:47:12Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-spring-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] spring-web-5.3.31.jar: CVE-2024-22243(8.1)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-spring-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-dependency-check #203
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/203/display/redirect?page=changes>
Changes:
[github] Bump net.sf.jasperreports:jasperreports from 6.20.6 to 6.21.0
[Sebastian.Peters] Update maven-war-plugin to 3.4.0
[Sebastian.Peters] Update maven-site-plugin to 3.12.1
[Sebastian.Peters] Update assertj to 3.25.2
[Sebastian.Peters] Update slf4j to 2.0.11
[Sebastian.Peters] Update jackson to 2.16.1
[Sebastian.Peters] Update spring to 5.3.31
[Sebastian.Peters] Update log4j2 to 2.21.1
[Sebastian.Peters] Update maven-dependency-plugin to 3.6.1
[Sebastian.Peters] Update maven-enforcer-plugin to 3.4.1
[Sebastian.Peters] Update commons-lang3 to 3.14.0
[Sebastian.Peters] Update commons-io to 2.15.1
[Sebastian.Peters] Update commons-text to 1.11.0
[git] WW-5391 Add interface for VelocityManager extension point
[git] WW-5391 Fix VelocityDecoratorServlet
[git] WW-5391 Migrate other usages
[git] WW-5391 Fix bean definition
[git] WW-5391 Fix serialisation warnings
[Aleksandr Mashchenko] WW-5394 Use request encoding
[github] Bump commons-logging:commons-logging from 1.2 to 1.3.0
[github] Bump actions/upload-artifact from 4.3.0 to 4.3.1
[Greg Huber] s:file shows server/file location WW-5396
[Greg Huber] s:file shows server/file location WW-5396
[Greg Huber] s:file shows server/file location WW-5396
[Greg Huber] s:file shows server/file location WW-5396
[github] Updates link to build status on Jenkins
[github] Bump org.apache.maven.doxia:doxia-core from 1.9.1 to 1.12.0
[github] Bump slf4j.version from 2.0.11 to 2.0.12
[github] Bump commons-validator:commons-validator from 1.6 to 1.8.0
[github] Bump org.apache.maven.doxia:doxia-module-markdown from 1.9.1 to 1.12.0
[github] Bump org.apache.commons:commons-compress from 1.25.0 to 1.26.0
------------------------------------------
[...truncated 1006.24 KB...]
[INFO] Running org.apache.tiles.request.collection.ScopeMapEntrySetTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.ScopeMapEntrySetTest
[INFO] Running org.apache.tiles.request.collection.CollectionUtilTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.CollectionUtilTest
[INFO] Running org.apache.tiles.request.collection.ReadOnlyEnumerationMapValuesCollectionTest
[INFO] Tests run: 16, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.ReadOnlyEnumerationMapValuesCollectionTest
[INFO] Running org.apache.tiles.request.collection.ReadOnlyEnumerationMapTest
[INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.075 s - in org.apache.tiles.request.collection.ReadOnlyEnumerationMapTest
[INFO] Running org.apache.tiles.request.collection.HeaderValuesCollectionTest
[INFO] Tests run: 16, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.HeaderValuesCollectionTest
[INFO] Running org.apache.tiles.request.collection.AddableParameterMapTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.AddableParameterMapTest
[INFO] Running org.apache.tiles.request.collection.MapEntryArrayValuesTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.MapEntryArrayValuesTest
[INFO] Running org.apache.tiles.request.collection.RemovableKeySetTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.RemovableKeySetTest
[INFO] Running org.apache.tiles.request.collection.ScopeMapTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.ScopeMapTest
[INFO] Running org.apache.tiles.request.collection.HeaderValuesMapEntrySetTest
[INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.HeaderValuesMapEntrySetTest
[INFO] Running org.apache.tiles.request.collection.MapEntryTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.MapEntryTest
[INFO] Running org.apache.tiles.request.render.ChainedDelegateRendererTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.ChainedDelegateRendererTest
[INFO] Running org.apache.tiles.request.render.DispatchRendererTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.DispatchRendererTest
[INFO] Running org.apache.tiles.request.render.NoSuchRendererExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.NoSuchRendererExceptionTest
[INFO] Running org.apache.tiles.request.render.StringRendererTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.StringRendererTest
[INFO] Running org.apache.tiles.request.render.BasicRendererFactoryTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.BasicRendererFactoryTest
[INFO] Running org.apache.tiles.request.AbstractRequestTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.AbstractRequestTest
[INFO] Running org.apache.tiles.request.RequestExceptionTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.RequestExceptionTest
[INFO] Running org.apache.tiles.request.AbstractViewRequestTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.023 s - in org.apache.tiles.request.AbstractViewRequestTest
[INFO] Running org.apache.tiles.request.DispatchRequestWrapperTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.DispatchRequestWrapperTest
[INFO] Running org.apache.tiles.request.NotAvailableFeatureExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.NotAvailableFeatureExceptionTest
[INFO] Running org.apache.tiles.request.ApplicationAccessTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.ApplicationAccessTest
[INFO] Running org.apache.tiles.request.reflect.CannotInstantiateObjectExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.reflect.CannotInstantiateObjectExceptionTest
[INFO] Running org.apache.tiles.request.reflect.ClassUtilTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.reflect.ClassUtilTest
[INFO] Running org.apache.tiles.request.AbstractClientRequestTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.014 s - in org.apache.tiles.request.AbstractClientRequestTest
[INFO] Running org.apache.tiles.request.locale.URLApplicationResourceTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.locale.URLApplicationResourceTest
[INFO] Running org.apache.tiles.request.locale.PostfixedApplicationResourceTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.locale.PostfixedApplicationResourceTest
[INFO] Running org.apache.tiles.request.locale.LocaleUtilTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.locale.LocaleUtilTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 540, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-tiles-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 483 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 482 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-tiles-plugin >>>
[INFO]
[INFO] --- enforcer:3.4.1:enforce (enforce) @ struts2-tiles-plugin ---
[INFO] Rule 0: org.apache.maven.enforcer.rules.dependency.DependencyConvergence passed
[INFO]
[INFO] --- enforcer:3.4.1:enforce (enforce-maven-version) @ struts2-tiles-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-tiles-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.12.1:attach-descriptor (attach-descriptor) @ struts2-tiles-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-tiles-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (47 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:plexus-utils_project:plexus-utils, regex=false, caseSensitive=false},}cve={CVE-2022-4244,CVE-2022-4245,CVE-2017-1000487,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus\/plexus\-container\-default@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:plexus-utils_project:plexus-utils, regex=false, caseSensitive=false},}cve={CVE-2022-4244,CVE-2022-4245,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/tiles/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2 Tiles Plugin:
javax.el-3.0.1-b12.jar (pkg:maven/org.glassfish/javax.el@3.0.1-b12) : CVE-2021-28170
See the dependency-check report for more details.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [03:18 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 3.158 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:15 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 3.221 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 4.607 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 7.869 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 5.401 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 11.704 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 8.850 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 8.532 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.642 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 14.013 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.353 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 12.265 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.542 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 9.718 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 5.027 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.869 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 9.778 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 6.082 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 7.584 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 2.500 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SUCCESS [ 3.182 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 5.414 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 9.300 s]
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SUCCESS [ 5.997 s]
[INFO] Struts 2 Tiles Plugin .............................. FAILURE [ 12.520 s]
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 08:29 min
[INFO] Finished at: 2024-02-22T10:00:22Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-tiles-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] javax.el-3.0.1-b12.jar: CVE-2021-28170(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-tiles-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-dependency-check #202
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/202/display/redirect?page=changes>
Changes:
[git] WW-5352 Introduce StrutsParameter annotation
[git] WW-5352 Introduce ThreadAllowlist bean
[git] WW-5352 First draft implementation
[git] WW-5352 Ensure allowlist is cleared if in unexpected state
[git] WW-5352 Add full unit test coverage
[git] WW-5352 Fix missing curved bracket
[git] WW-5352 Enable annotations for showcase
[git] WW-5352 Dispatcher should up thread allowlist
[git] WW-5352 Reinstate manual allowlist for generic types
[git] WW-5352 Implement auto-allowlisting for Iterator component
[git] WW-5352 Mild optimisation
[git] WW-5352 Auto allowlist parameterized types!
[git] WW-5352 Map-like type support
[git] WW-5352 Add unit test coverage for generics
[git] WW-5352 Implement transition mode
[git] WW-5352 Ensure superclasses and interfaces allowlisted
[git] WW-5352 Add debug logging for parameter rejections
[git] WW-5352 Acceptance test coverage
[git] WW-5352 Normalise parameter name
[Lukasz Lenart] Fixes excluding Plexus container in OWASP scan
[Lukasz Lenart] Drops JDK11 build and fixes duplicated steps
[s.peters] Small spelling and MD fixes (IntelliJ assisted)
[Sebastian.Peters] Mention just the maintenance branches for supported versions
[github] Stops running sonar.yml on forks
[Lukasz Lenart] WW-5360 Introduces additional countStr & indexStr to allow to ignore conversion
[github] Bump actions/upload-artifact from 4.2.0 to 4.3.0
------------------------------------------
[...truncated 6.52 KB...]
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-parent <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-parent ---
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-parent ---
[INFO] Attaching 'src/site/site.xml' site descriptor with classifier 'site'.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-parent ---
[INFO] Checking for updates
[ERROR] Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2003.meta; received response code 503; Service Unavailable
[ERROR] Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2003.meta; received response code 503; Service Unavailable
[ERROR] Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2003.meta; received response code 503; Service Unavailable
[ERROR] Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; received response code 503; Service Unavailable
[ERROR] Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; received response code 503; Service Unavailable
[ERROR] Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; received response code 503; Service Unavailable
[ERROR] Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; received response code 503; Service Unavailable
[ERROR] Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta
org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta
at org.owasp.dependencycheck.data.update.NvdCveUpdater.doMetaDownload (NvdCveUpdater.java:410)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:355)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:501)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:133)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:902)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:707)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:633)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1929)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1112)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:283)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:226)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:407)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:348)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to retrieve 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta'; Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; unable to connect.
at org.owasp.dependencycheck.utils.Downloader.fetchContent (Downloader.java:187)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.doMetaDownload (NvdCveUpdater.java:381)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:355)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:501)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:133)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:902)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:707)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:633)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1929)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1112)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:283)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:226)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:407)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:348)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; unable to connect.
at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection (HttpResourceConnection.java:267)
at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch (HttpResourceConnection.java:163)
at org.owasp.dependencycheck.utils.Downloader.fetchContent (Downloader.java:182)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.doMetaDownload (NvdCveUpdater.java:381)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:355)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:501)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:133)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:902)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:707)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:633)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1929)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1112)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:283)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:226)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:407)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:348)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; received response code 503; Service Unavailable
at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection (HttpResourceConnection.java:249)
at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch (HttpResourceConnection.java:163)
at org.owasp.dependencycheck.utils.Downloader.fetchContent (Downloader.java:182)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.doMetaDownload (NvdCveUpdater.java:381)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:355)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:501)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:133)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:902)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:707)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:633)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1929)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1112)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:283)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:226)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:407)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:348)
[INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
[INFO] Begin database defrag
[INFO] End database defrag (8451 ms)
[WARNING] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... FAILURE [02:04 min]
[INFO] Struts 2 Bill of Materials ......................... SKIPPED
[INFO] Struts 2 Core ...................................... SKIPPED
[INFO] Struts 2 Plugins ................................... SKIPPED
[INFO] Struts 2 Async Plugin .............................. SKIPPED
[INFO] Struts 2 Bean Validation Plugin .................... SKIPPED
[INFO] Struts 2 CDI Plugin ................................ SKIPPED
[INFO] Struts 2 Spring Plugin ............................. SKIPPED
[INFO] Struts 2 JUnit Plugin .............................. SKIPPED
[INFO] Struts 2 Velocity Plugin ........................... SKIPPED
[INFO] Struts 2 Configuration Browser Plugin .............. SKIPPED
[INFO] Struts 2 Convention Plugin ......................... SKIPPED
[INFO] Struts 2 DWR Plugin ................................ SKIPPED
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SKIPPED
[INFO] Struts 2 Jasper Reports Plugin ..................... SKIPPED
[INFO] Struts 2 Java Templates Plugin ..................... SKIPPED
[INFO] Struts 2 JFreeChart Plugin ......................... SKIPPED
[INFO] Struts 2 JSON Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SKIPPED
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SKIPPED
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 02:06 min
[INFO] Finished at: 2024-02-01T06:41:20Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-parent: Fatal exception(s) analyzing Struts 2: One or more exceptions occurred during analysis:
[ERROR] UpdateException: Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta
[ERROR] caused by DownloadFailedException: Download failed, unable to retrieve 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta'; Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; unable to connect.
[ERROR] caused by DownloadFailedException: Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; unable to connect.
[ERROR] caused by DownloadFailedException: Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2016.meta; received response code 503; Service Unavailable
[ERROR] NoDataException: No documents exist
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-dependency-check #201
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/201/display/redirect>
Changes:
------------------------------------------
[...truncated 952.60 KB...]
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/pell-multipart/target/dependency-check-report.html>
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO]
[INFO] --------------< org.apache.struts:struts2-plexus-plugin >---------------
[INFO] Building DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 6.4.0-SNAPSHOT [23/39]
[INFO] from plugins/plexus/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-plexus-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-plexus-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 5 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/plexus/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-plexus-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/plexus/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/plexus/src/test/resources>
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-plexus-plugin ---
[INFO] No sources to compile
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-plexus-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 9 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 8 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-plexus-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-plexus-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-plexus-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-plexus-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (66 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Directory traversal in org.codehaus.plexus.util.Expand, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Possible XML Injection, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/ws/plugins/plexus/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0:
plexus-container-default-1.0-alpha-10.jar (pkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-10, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0:pha-10:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
plexus-utils-1.2.jar (pkg:maven/org.codehaus.plexus/plexus-utils@1.2, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.2:*:*:*:*:*:*:*, cpe:2.3:a:utils_project:utils:1.2:*:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
See the dependency-check report for more details.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [03:16 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 3.346 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:17 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 3.614 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 5.207 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 8.434 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 5.655 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 11.984 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 9.281 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 9.388 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 4.244 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 14.422 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.199 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 11.611 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 4.852 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 10.122 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 5.495 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 6.424 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 10.226 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 7.444 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 8.262 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 3.262 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... FAILURE [ 3.827 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 08:06 min
[INFO] Finished at: 2024-01-22T08:18:59Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-plexus-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] plexus-container-default-1.0-alpha-10.jar: CVE-2022-4244(7.5)
[ERROR] plexus-utils-1.2.jar: CVE-2022-4244(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-plexus-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #200
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/200/display/redirect?page=changes>
Changes:
[Lukasz Lenart] WW-5362 Removes type attribute out of <s:script/> tag
[github] Bump actions/upload-artifact from 3.1.3 to 4.0.0
[github] Bump org.apache.commons:commons-compress from 1.23.0 to 1.24.0
[github] WW-5362 Removes language attribute
[github] WW-5362 Removes deprecated language attribute
[git] WW-5378 Assorted refactor and clean up
[git] WW-5378 Add option to disable ValueStack context fallback
[git] WW-5379 Implement alternative mechanism for Velocity directives to obtain ValueStack
[git] WW-5379 Add support for internal and chained contexts
[git] WW-5379 Fix not looking in chained contexts' chained contexts
[git] WW-5381 Introduce RootAccessor interface for extension point
[git] WW-5381 Introduce extension point for CompoundRootAccessor
[git] WW-5381 Introduce extension point for MethodAccessor
[git] WW-5382 Fix StrutsInternalTestCase
[git] WW-5382 Fix stale injections in Dispatcher
[git] WW-5382 Fix stale bootstrap context on ActionContext
[github] Bump org.apache.commons:commons-compress from 1.23.0 to 1.25.0
[git] WW-5382 Rework existing Dispatcher tests and base test classes
[git] WW-5382 Add test for Dispatcher reinjection
[git] WW-5382 Delete redundant code
[git] WW-5382 Rework Dispatcher injections
[git] WW-5382 Update Dispatcher#getContainer JavaDoc
[git] WW-5364 Add String.class to system allowlist
[git] WW-5379 Use ValueStackProvider marker interface for Velocity context implementation flexibility
[git] WW-5352 Repackage ParametersInterceptor and related classes
[git] WW-5352 Fix SonarCloud logging warnings
[git] WW-5352 Move ParameterNameAware and ParameterValueAware
[git] WW-5352 Refactor ParametersInterceptor
[git] WW-5381 Revert bean removal for backwards compatibility
[git] WW-5381 Revert bean removals for backwards compatibility
[git] WW-5352 Gut deprecated interfaces
[Lukasz Lenart] WW-5383 Updates RegEx to excludes JARs by default
[git] WW-5352 Do not use setter notation for helper methods
[git] WW-5352 Rename acceptable name/value methods
[git] WW-5381 Reimplement ability to register additional MethodAccessors
[git] WW-5381 Remove unnecessary/confusing parameters
[Lukasz Lenart] Stops cleaning nightlies to allow to coexist different versions
[Lukasz Lenart] WW-5365 Reverts changes introduced in WW-5192 to allow evaluate the value attribute
[github] Bump org.apache.maven.plugins:maven-release-plugin
[Lukasz Lenart] Reduces log level to debug to reduce noise in the logs
[git] WW-5352 Clean up OgnlValueStackTest
[git] WW-5352 Move method to XWorkTestCase
[github] Bump actions/upload-artifact from 4.0.0 to 4.1.0
[Lukasz Lenart] WW-5387 Fixes remove() signature
[Lukasz Lenart] WW-5374 Allows to prepend reportUri with Servlet context
[Lukasz Lenart] WW-5369 Re-define minimal library set
[Lukasz Lenart] WW-5374 Uses @code instead of <tt/>
[Lukasz Lenart] WW-5374 Adds additional test case to cover disabling prepending context
[Lukasz Lenart] WW-5357 Adds support for disabled attribute to anchor tag
[Lukasz Lenart] Extends sleep period to avoid breaking a build
[Sebastian.Peters] Upgrade maven to 3.9.6 and wrapper to 3.2.0
[github] Bump actions/upload-artifact from 4.1.0 to 4.2.0
------------------------------------------
[...truncated 925.14 KB...]
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/pell-multipart/target/dependency-check-report.html>
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO]
[INFO] --------------< org.apache.struts:struts2-plexus-plugin >---------------
[INFO] Building DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 6.4.0-SNAPSHOT [23/39]
[INFO] from plugins/plexus/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-plexus-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-plexus-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-plexus-plugin ---
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/test/resources>
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-plexus-plugin ---
[INFO] No sources to compile
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-plexus-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 9 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 8 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-plexus-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-plexus-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-plexus-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-plexus-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (37 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Directory traversal in org.codehaus.plexus.util.Expand, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Possible XML Injection, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0:
plexus-container-default-1.0-alpha-10.jar (pkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-10, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0:pha-10:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
plexus-utils-1.2.jar (pkg:maven/org.codehaus.plexus/plexus-utils@1.2, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.2:*:*:*:*:*:*:*, cpe:2.3:a:utils_project:utils:1.2:*:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
See the dependency-check report for more details.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [02:57 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 3.065 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:09 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.504 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 3.878 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 6.973 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 4.807 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 10.091 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 8.174 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 9.030 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.690 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 16.222 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.078 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 9.757 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.655 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 10.551 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 4.509 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 6.157 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 8.949 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 5.755 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 7.093 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 2.893 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... FAILURE [ 3.001 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 07:23 min
[INFO] Finished at: 2024-01-22T06:08:38Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-plexus-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] plexus-container-default-1.0-alpha-10.jar: CVE-2022-4244(7.5)
[ERROR] plexus-utils-1.2.jar: CVE-2022-4244(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-plexus-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #199
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/199/display/redirect>
Changes:
------------------------------------------
[...truncated 933.59 KB...]
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/pell-multipart/target/dependency-check-report.html>
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO]
[INFO] --------------< org.apache.struts:struts2-plexus-plugin >---------------
[INFO] Building DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 6.4.0-SNAPSHOT [23/39]
[INFO] from plugins/plexus/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-plexus-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-plexus-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 5 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-plexus-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/test/resources>
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-plexus-plugin ---
[INFO] No sources to compile
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-plexus-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 9 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 8 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-plexus-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-plexus-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-plexus-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-plexus-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (68 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Directory traversal in org.codehaus.plexus.util.Expand, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Possible XML Injection, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0:
plexus-container-default-1.0-alpha-10.jar (pkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-10, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0:pha-10:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
plexus-utils-1.2.jar (pkg:maven/org.codehaus.plexus/plexus-utils@1.2, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.2:*:*:*:*:*:*:*, cpe:2.3:a:utils_project:utils:1.2:*:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
See the dependency-check report for more details.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [03:23 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.723 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:16 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.664 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 4.034 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 7.282 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 5.276 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 11.558 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 8.336 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 9.245 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.639 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 14.776 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.610 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 10.803 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.467 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 11.738 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 4.898 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.968 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 9.914 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 6.142 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 7.215 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 2.445 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... FAILURE [ 3.162 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 08:00 min
[INFO] Finished at: 2024-01-01T06:09:17Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-plexus-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] plexus-container-default-1.0-alpha-10.jar: CVE-2022-4244(7.5)
[ERROR] plexus-utils-1.2.jar: CVE-2022-4244(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-plexus-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #198
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/198/display/redirect?page=changes>
Changes:
[git] WW-5364 Modify XmlDocConfigurationProvider to be able to load into allowlist
[git] WW-5364 Make allowlist classloader specific
[git] WW-5364 Implement provider allowlist
[git] WW-5364 Inject ProviderAllowlist into SecurityMemberAccess
[git] WW-5364 Enable allowlist for showcase
[git] WW-5364 Add Struts components to allowlist
[git] WW-5364 Don't throw ConfigurationException on unloadable action or interceptor classes
[git] WW-5364 Replace some allowlist classes with packages
[git] WW-5343 Collect bootstrap factories
[git] WW-5343 Add unit test coverage for ProviderAllowlist
[git] WW-5343 Move JUnit4 test case into Struts-core
[github] Bump actions/setup-java from 3 to 4 (#804)
[git] WW-5343 Add integration tests for ConfigurationProvider populating ProviderAllowlist
[git] WW-5343 Add missing licenses
[git] WW-5343 Make StrutsTestCase extend same package
[git] WW-5339 Make ClassResolver a bean
[git] WW-5339 Add option to block custom OGNL maps
[Lukasz Lenart] WW-5370 Makes HttpParameters case-insensitive
[Lukasz Lenart] WW-5371 Implements action based file upload
[Lukasz Lenart] WW-5371 Uses the new upload mechanism in Showcase app
[Lukasz Lenart] WW-5371 Simplifies file upload logic and extracts constants
[Lukasz Lenart] WW-5371 Document how to use the new file upload logic
[Lukasz Lenart] WW-5370 Uses TreeMap with case-insensitive comparator
[Lukasz Lenart] WW-5370 Simplifies code
[Lukasz Lenart] WW-5370 Adds proper logic to handle null
[Lukasz Lenart] WW-5370 Simplifies error handling logic
[Lukasz Lenart] WW-5328 Removes deprecated setters
[Lukasz Lenart] Builds Struts 7 as part of the main pipeline
[github] Update CspReportAction.java WW-5373
[git] WW-5364 Add missing system allowlist classes
[github] Bump github/codeql-action from 2 to 3
------------------------------------------
[...truncated 936.07 KB...]
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/pell-multipart/target/dependency-check-report.html>
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO]
[INFO] --------------< org.apache.struts:struts2-plexus-plugin >---------------
[INFO] Building DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 6.4.0-SNAPSHOT [23/39]
[INFO] from plugins/plexus/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-plexus-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-plexus-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 5 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-plexus-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/test/resources>
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-plexus-plugin ---
[INFO] No sources to compile
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-plexus-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 9 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 8 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-plexus-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-plexus-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-plexus-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-plexus-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (50 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Directory traversal in org.codehaus.plexus.util.Expand, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Possible XML Injection, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0:
plexus-container-default-1.0-alpha-10.jar (pkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-10, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0:pha-10:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
plexus-utils-1.2.jar (pkg:maven/org.codehaus.plexus/plexus-utils@1.2, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.2:*:*:*:*:*:*:*, cpe:2.3:a:utils_project:utils:1.2:*:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
See the dependency-check report for more details.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [04:15 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.859 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:19 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.685 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 4.525 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 8.175 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 5.291 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 10.804 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 8.149 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 9.325 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.708 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 13.603 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.528 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 11.561 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.828 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 9.234 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 4.983 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.868 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 10.074 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 6.176 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 8.583 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 2.178 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... FAILURE [ 2.924 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 08:54 min
[INFO] Finished at: 2023-12-22T06:10:12Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-plexus-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] plexus-container-default-1.0-alpha-10.jar: CVE-2022-4244(7.5)
[ERROR] plexus-utils-1.2.jar: CVE-2022-4244(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-plexus-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #197
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/197/display/redirect?page=changes>
Changes:
[git] WW-5343 Delete unused code and consolidate constructors
[git] WW-5343 Extract ConfigParseUtil
[git] WW-5343 Extract deprecated methods as default interface methods
[git] WW-5343 Deprecate unnecessary setter
[git] WW-5343 Make SecurityMemberAccess a prototype bean
[git] WW-5343 Refactor OgnlValueStackFactory to utilise SecurityMemberAccess bean
[git] WW-5343 Update OgnlUtil#createDefaultContext to utilise SecurityMemberAccess bean
[git] WW-5343 Move configuration injection from OgnlUtil to SecurityMemberAccess
[git] WW-5343 Fix OgnlUtilTest#testBeanMapExpressions
[git] WW-5343 Fix unit test compilation errors
[git] WW-5343 Remove unnecessary method
[git] WW-5343 Add missing license
[git] WW-5343 Revert and fix serializability
[git] WW-5343 Fix MemberAccess access blocked tests
[git] WW-5343 Remove defunct test now that constant is required
[github] Bump jackson.version from 2.15.3 to 2.16.0
[git] WW-5343 Migrate tests to SecurityMemberAccessTest
[git] WW-5343 Fix final test
[git] WW-5343 Clean up bootstrap constants
[git] WW-5343 Address SonarCloud code smells
------------------------------------------
[...truncated 850.65 KB...]
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/pell-multipart/target/dependency-check-report.html>
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO]
[INFO] --------------< org.apache.struts:struts2-plexus-plugin >---------------
[INFO] Building DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 6.4.0-SNAPSHOT [23/39]
[INFO] from plugins/plexus/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-plexus-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-plexus-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-plexus-plugin ---
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/test/resources>
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-plexus-plugin ---
[INFO] No sources to compile
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-plexus-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 9 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 8 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-plexus-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-plexus-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-plexus-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-plexus-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (32 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Directory traversal in org.codehaus.plexus.util.Expand, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Possible XML Injection, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0:
plexus-container-default-1.0-alpha-10.jar (pkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-10, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0:pha-10:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
plexus-utils-1.2.jar (pkg:maven/org.codehaus.plexus/plexus-utils@1.2, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.2:*:*:*:*:*:*:*, cpe:2.3:a:utils_project:utils:1.2:*:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
See the dependency-check report for more details.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [ 53.610 s]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.701 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:15 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.410 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 4.063 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 7.343 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 4.713 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 9.569 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 7.918 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 8.269 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.325 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 12.392 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.432 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 9.300 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.350 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 10.542 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 4.361 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.728 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 9.341 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 5.557 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 6.969 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 2.287 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... FAILURE [ 3.016 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:17 min
[INFO] Finished at: 2023-12-01T06:06:31Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-plexus-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] plexus-container-default-1.0-alpha-10.jar: CVE-2022-4244(7.5)
[ERROR] plexus-utils-1.2.jar: CVE-2022-4244(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-plexus-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #196
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/196/display/redirect?page=changes>
Changes:
[git] WW-5350 Refactor SecurityMemberAccess
[git] WW-5350 Fix static member test
[git] WW-5350 Fix argument validation
[git] WW-5350 Make property matching code more succinct
[git] WW-5350 See target to null in special case
[git] WW-5350 Implement OGNL Allowlist capability
[github] Bump slf4j.version from 2.0.7 to 2.0.9
[github] Bump net.sf.jasperreports:jasperreports from 6.20.5 to 6.20.6
[git] WW-5350 Fix mismatched logging
[Lukasz Lenart] WW-5333 Refactors AttributeMap
[Lukasz Lenart] Uses the new notifications@ list for all the messages form Github
[git] WW-5363 Velocity: read chained contexts before ValueStack
[git] WW-5363 Add test coverage
[git] WW-5363 Fix super#internalGet
[git] WW-5363 Improve code coverage
[Lukasz Lenart] Send Jenkins notifications to the notifications@ list
[git] WW-5363 Remove redundant method from VelocityManager
------------------------------------------
[...truncated 882.50 KB...]
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/pell-multipart/target/dependency-check-report.html>
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO]
[INFO] --------------< org.apache.struts:struts2-plexus-plugin >---------------
[INFO] Building DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 6.4.0-SNAPSHOT [23/39]
[INFO] from plugins/plexus/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-plexus-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-plexus-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 5 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-plexus-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/test/resources>
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-plexus-plugin ---
[INFO] No sources to compile
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-plexus-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 9 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 8 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-plexus-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-plexus-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-plexus-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-plexus-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (30 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
💖 Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Directory traversal in org.codehaus.plexus.util.Expand, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Possible XML Injection, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0:
plexus-container-default-1.0-alpha-10.jar (pkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-10, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0:pha-10:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
plexus-utils-1.2.jar (pkg:maven/org.codehaus.plexus/plexus-utils@1.2, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.2:*:*:*:*:*:*:*, cpe:2.3:a:utils_project:utils:1.2:*:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
See the dependency-check report for more details.
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [03:29 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.586 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:00 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.411 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 4.013 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 7.267 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 4.909 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 9.933 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 7.438 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 8.729 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.493 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 12.663 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.243 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 10.561 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.217 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 10.311 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 4.551 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.427 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 8.777 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 5.953 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 6.881 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 2.476 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... FAILURE [ 3.014 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 07:39 min
[INFO] Finished at: 2023-11-22T06:08:56Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-plexus-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] plexus-container-default-1.0-alpha-10.jar: CVE-2022-4244(7.5)
[ERROR] plexus-utils-1.2.jar: CVE-2022-4244(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-plexus-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #195
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/195/display/redirect?page=changes>
Changes:
[github] Bump org.owasp:dependency-check-maven from 7.2.0 to 8.4.2
[tatsuo.tsuchie] Improved charset retrieval to get only once.
[github] Update core/src/main/java/org/apache/struts2/url/StrutsUrlDecoder.java
[github] Update core/src/main/java/org/apache/struts2/url/StrutsUrlDecoder.java
[git] WW-5358 Expand exclusion lists
[github] Bump ossf/scorecard-action from 2.3.0 to 2.3.1
[github] Bump junit:junit from 4.13.1 to 4.13.2
[github] Bump org.jacoco:jacoco-maven-plugin from 0.8.8 to 0.8.11
------------------------------------------
[...truncated 587.70 KB...]
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.017 s - in com.opensymphony.xwork2.util.fs.DefaultFileManagerFactoryTest
[INFO] Running com.opensymphony.xwork2.util.fs.JarEntryRevisionTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.247 s - in com.opensymphony.xwork2.util.fs.JarEntryRevisionTest
[INFO] Running com.opensymphony.xwork2.util.ResolverUtilTest
2023-11-01 06:03:37,826 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [<https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/test-classes/com]> matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:37,854 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [<https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/classes/com]> matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:37,879 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [/home/jenkins/.m2/repository/com/github/ben-manes/caffeine/caffeine/2.9.3/caffeine-2.9.3.jar] matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:38,124 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [/home/jenkins/.m2/repository/com/google/errorprone/error_prone_annotations/2.10.0/error_prone_annotations-2.10.0.jar] matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:38,130 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [/home/jenkins/.m2/repository/mockobjects/mockobjects-jdk1.3/0.09/mockobjects-jdk1.3-0.09.jar] matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:38,152 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [/home/jenkins/.m2/repository/mockobjects/mockobjects-jdk1.3-j2ee1.3/0.09/mockobjects-jdk1.3-j2ee1.3-0.09.jar] matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:38,154 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockConnection.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/Connection
2023-11-01 06:03:38,154 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockMapMessage.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/MapMessage
2023-11-01 06:03:38,155 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockMessage.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/Message
2023-11-01 06:03:38,156 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockMessageConsumer.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/MessageConsumer
2023-11-01 06:03:38,156 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockMessageProducer.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/MessageProducer
2023-11-01 06:03:38,157 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockMessagePublisher.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/MessageProducer
2023-11-01 06:03:38,157 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockObjectMessage.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/ObjectMessage
2023-11-01 06:03:38,158 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockQueue.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/Queue
2023-11-01 06:03:38,158 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockQueueConnection.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/QueueConnection
2023-11-01 06:03:38,159 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockQueueConnectionFactory.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/QueueConnectionFactory
2023-11-01 06:03:38,159 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockQueueReceiver.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/QueueReceiver
2023-11-01 06:03:38,160 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockQueueSender.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/QueueSender
2023-11-01 06:03:38,161 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockQueueSession.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/QueueSession
2023-11-01 06:03:38,161 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockSession.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/Session
2023-11-01 06:03:38,162 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockTemporaryQueue.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/TemporaryQueue
2023-11-01 06:03:38,162 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockTextMessage.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/TextMessage
2023-11-01 06:03:38,163 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockTopic.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/Topic
2023-11-01 06:03:38,163 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockTopicConnection.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/TopicConnection
2023-11-01 06:03:38,164 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockTopicConnectionFactory.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/TopicConnectionFactory
2023-11-01 06:03:38,164 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockTopicPublisher.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/TopicPublisher
2023-11-01 06:03:38,165 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockTopicSession.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/TopicSession
2023-11-01 06:03:38,165 WARN [main] util.ResolverUtil (ResolverUtil.java:480) - Could not examine class 'com/mockobjects/jms/MockTopicSubscriber.class' due to a java.lang.NoClassDefFoundError with message: javax/jms/TopicSubscriber
2023-11-01 06:03:38,185 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [/home/jenkins/.m2/repository/mockobjects/mockobjects-core/0.09/mockobjects-core-0.09.jar] matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:38,195 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [/home/jenkins/.m2/repository/com/beust/jcommander/1.78/jcommander-1.78.jar] matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:38,217 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [<https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/test-classes/com/opensymphony/xwork2/util]> matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:38,219 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [<https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/classes/com/opensymphony/xwork2/util]> matching criteria: is assignable to ObjectFactory
2023-11-01 06:03:38,221 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [<https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/test-classes/]> matching criteria: named /xwork-default.xml
2023-11-01 06:03:38,344 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [<https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/classes/]> matching criteria: named /xwork-default.xml
2023-11-01 06:03:38,464 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [<https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/test-classes/com/opensymphony]> matching criteria: named /SimpleAction.properties
2023-11-01 06:03:38,482 INFO [main] util.ResolverUtil (ResolverUtil.java:370) - Scanning for classes in [<https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/classes/com/opensymphony]> matching criteria: named /SimpleAction.properties
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.67 s - in com.opensymphony.xwork2.util.ResolverUtilTest
[INFO] Running com.opensymphony.xwork2.util.WildcardHelperTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in com.opensymphony.xwork2.util.WildcardHelperTest
[INFO] Running com.opensymphony.xwork2.util.ClassLoaderUtilTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in com.opensymphony.xwork2.util.ClassLoaderUtilTest
[INFO] Running com.opensymphony.xwork2.util.WildcardUtilTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in com.opensymphony.xwork2.util.WildcardUtilTest
[INFO] Running com.opensymphony.xwork2.util.StrutsLocalizedTextProviderTest
default message
2023-11-01 06:03:38,620 WARN [main] util.StrutsLocalizedTextProvider (StrutsLocalizedTextProvider.java:228) - Trying to find text with null key!
2023-11-01 06:03:38,822 WARN [main] util.StrutsLocalizedTextProvider (StrutsLocalizedTextProvider.java:228) - Trying to find text with null key!
2023-11-01 06:03:38,822 WARN [main] util.StrutsLocalizedTextProvider (StrutsLocalizedTextProvider.java:228) - Trying to find text with null key!
2023-11-01 06:03:38,823 WARN [main] util.StrutsLocalizedTextProvider (StrutsLocalizedTextProvider.java:228) - Trying to find text with null key!
2023-11-01 06:03:38,823 WARN [main] util.StrutsLocalizedTextProvider (StrutsLocalizedTextProvider.java:228) - Trying to find text with null key!
action property
Foo Range Message
non.existant
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.603 s - in com.opensymphony.xwork2.util.StrutsLocalizedTextProviderTest
[INFO] Running com.opensymphony.xwork2.util.GetPropertiesTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in com.opensymphony.xwork2.util.GetPropertiesTest
[INFO] Running com.opensymphony.xwork2.util.TextParseUtilTest
[INFO] Tests run: 12, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.047 s - in com.opensymphony.xwork2.util.TextParseUtilTest
[INFO] Running com.opensymphony.xwork2.util.NamedVariablePatternMatcherTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in com.opensymphony.xwork2.util.NamedVariablePatternMatcherTest
[INFO] Running com.opensymphony.xwork2.util.location.LocationUtilsTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in com.opensymphony.xwork2.util.location.LocationUtilsTest
[INFO] Running com.opensymphony.xwork2.util.location.LocationAttributesTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in com.opensymphony.xwork2.util.location.LocationAttributesTest
[INFO] Running com.opensymphony.xwork2.util.location.LocationImplTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in com.opensymphony.xwork2.util.location.LocationImplTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 2493, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-core ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 1508 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 1501 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-core ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/struts2-core-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-core >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-core ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-core ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-core <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-core ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/struts2-core-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-core ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:8.4.2:check (default) @ struts2-core ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Skipping Hosted Suppressions file update since last update was within 2 hours.
[INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours.
[INFO] Check for updates complete (9 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[ERROR] Exception occurred initializing RetireJS Analyzer.
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2011-5057, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0391, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0392, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0393, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0394, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2012-0838, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1965, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-1966, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2115, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2134, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2013-2135, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0094, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2014-0113, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2015-5169, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-0785, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-4003, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-annotations@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2018-1000632, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:plexus-utils_project:plexus-utils, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-1000487, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Directory traversal in org.codehaus.plexus.util.Expand, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Possible XML Injection, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:groovy, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:log4j, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:jruby:jruby, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.oval/oval@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:xstream_project:xstream, regex=false, caseSensitive=false},}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@.*$, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40153,CVE-2022-40154,CVE-2022-40155,CVE-2022-40156,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.google\.guava/guava@.*$, regex=true, caseSensitive=false},cve={CVE-2018-10237,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2017-18640,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11022,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},cve={CVE-2020-11023,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.testng/testng@.*$, regex=true, caseSensitive=false},cve={CVE-2022-4065,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}}
[INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}}
[INFO] Finished Unused Suppression Rule Analyzer (0 seconds)
[INFO] Analysis Complete (4 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/core/target/dependency-check-report.html>
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[INFO] Cache event queue destroyed: {0}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[ERROR] {0}: Not alive and dispose was called, filename: {1}
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [ 9.824 s]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.317 s]
[INFO] Struts 2 Core ...................................... FAILURE [02:13 min]
[INFO] Struts 2 Plugins ................................... SKIPPED
[INFO] Struts 2 Async Plugin .............................. SKIPPED
[INFO] Struts 2 Bean Validation Plugin .................... SKIPPED
[INFO] Struts 2 CDI Plugin ................................ SKIPPED
[INFO] Struts 2 Spring Plugin ............................. SKIPPED
[INFO] Struts 2 JUnit Plugin .............................. SKIPPED
[INFO] Struts 2 Velocity Plugin ........................... SKIPPED
[INFO] Struts 2 Configuration Browser Plugin .............. SKIPPED
[INFO] Struts 2 Convention Plugin ......................... SKIPPED
[INFO] Struts 2 DWR Plugin ................................ SKIPPED
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SKIPPED
[INFO] Struts 2 Jasper Reports Plugin ..................... SKIPPED
[INFO] Struts 2 Java Templates Plugin ..................... SKIPPED
[INFO] Struts 2 JFreeChart Plugin ......................... SKIPPED
[INFO] Struts 2 JSON Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SKIPPED
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SKIPPED
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 02:27 min
[INFO] Finished at: 2023-11-01T06:03:46Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:8.4.2:check (default) on project struts2-core: One or more exceptions occurred during dependency-check analysis: One or more exceptions occurred during analysis:
[ERROR] InitializationException: Failed to initialize the RetireJS repo: `/tmp/dctemp67b50464-6e9f-40dd-b272-4d3520837cef/jsrepository.json` appears to be malformed. Please delete the file or run the dependency-check purge command and re-try running dependency-check.
[ERROR] caused by JSONException: No value for info
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-core
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #194
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/194/display/redirect?page=changes>
Changes:
[github] Bump org.jfree:jfreechart from 1.5.1 to 1.5.4
[Lukasz Lenart] WW-5347 Upgrades to commons-digester3 ver 3.2
[Lukasz Lenart] WW-5338 Removes deprecated OgnTool
[Lukasz Lenart] WW-5338 Removes also deprecated constant in ContextUtil
[Lukasz Lenart] WW-5344 Un-deprecates Sitemesh plugin and upgrades Sitmesh to ver 2.5.0
[git] WW-5340 Mild refactor StrutsOgnlGuard for easier subclassing
[git] WW-5340 Add debug logging for rejected form fields
[git] WW-5340 Sanitize field names before logging
[github] Bump ossf/scorecard-action from 2.2.0 to 2.3.0
[git] WW-5349 Remove Struts core dependency on OGNL VarRefs
[git] WW-5349 Remove corresponding unit tests
[git] Add JDK 21 build
[git] Fix JDK 21 build
[git] Convert test class to JUnit4
[git] Upgrade EasyMock
[git] WW-5354 Ensure ActionSupport fields are not parameter injectable
[git] WW-5355 Use LRU cache by default
[git] WW-5355 Prevent AtomicInteger being initialised to zero
[git] WW-5355 Initial Caffeine cache implementation
[git] WW-5355 Fix eviction limit in LRU cache not being enforced
[git] WW-5355 Update JavaDoc for basic and LRU cache
[git] WW-5355 Introduce new Struts constants and their defaults
[git] WW-5355 Unify bootstrap constant declaration
[git] WW-5355 Introduce new cache type selection methods and deprecate problematic setter injection
[git] Upgrade Jackson and remove unnecessary transitive override
[git] Unify HtmlUnit versions
[git] Upgrade ASM and exclude conflicting artifact
[git] WW-5355 Downgrade Caffeine version
[git] WW-5355 Fix interface and unit test bug
[git] WW-5355 Address code smells
[git] WW-5355 Delegate deprecated constructor
[git] WW-5355 Extract constants into static final fields
[git] WW-5355 Declare bootstrap constants as final field instead
[git] WW-5355 Add since tags to StrutsConstants JavaDoc
[github] Bump org.codehaus.mojo:versions-maven-plugin from 2.7 to 2.16.1
[git] WW-5355 Amend Caffeine cache implementation
[git] WW-5355 Rename cache types
[git] WW-5355 Bootstrap using basic cache
------------------------------------------
[...truncated 768.35 KB...]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-pell-multipart-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/pell-multipart/src/test/resources>
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-pell-multipart-plugin ---
[INFO] No sources to compile
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-pell-multipart-plugin ---
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-pell-multipart-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 5 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 4 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-pell-multipart-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/pell-multipart/target/struts2-pell-multipart-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-pell-multipart-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-pell-multipart-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-pell-multipart-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-pell-multipart-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-pell-multipart-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/pell-multipart/target/struts2-pell-multipart-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-pell-multipart-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-pell-multipart-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (32 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/pell-multipart/target/dependency-check-report.html>
[INFO]
[INFO] --------------< org.apache.struts:struts2-plexus-plugin >---------------
[INFO] Building DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 6.4.0-SNAPSHOT [23/39]
[INFO] from plugins/plexus/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-plexus-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-plexus-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 5 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java> uses unchecked or unsafe operations.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/main/java/org/apache/struts2/plexus/PlexusObjectFactory.java>: Recompile with -Xlint:unchecked for details.
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-plexus-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-plexus-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/src/test/resources>
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-plexus-plugin ---
[INFO] No sources to compile
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-plexus-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 9 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 8 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-plexus-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-plexus-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-plexus-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-plexus-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-plexus-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/struts2-plexus-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-plexus-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-plexus-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (32 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/plexus/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0:
plexus-container-default-1.0-alpha-10.jar (pkg:maven/org.codehaus.plexus/plexus-container-default@1.0-alpha-10, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0:pha-10:*:*:*:*:*:*) : CVE-2022-4244, CVE-2022-4245
plexus-utils-1.2.jar (pkg:maven/org.codehaus.plexus/plexus-utils@1.2, cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.2:*:*:*:*:*:*:*, cpe:2.3:a:utils_project:utils:1.2:*:*:*:*:*:*:*) : CVE-2022-4244, CVE-2021-4277, CVE-2022-4245
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [01:01 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.608 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:04 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.259 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 3.816 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 6.701 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 4.796 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 9.767 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 7.601 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 7.814 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.289 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 12.796 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.346 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 10.804 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.175 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 8.195 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 4.300 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.852 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 9.012 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 5.913 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 6.674 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 2.248 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... FAILURE [ 2.820 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:11 min
[INFO] Finished at: 2023-10-22T06:06:38Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-plexus-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] plexus-container-default-1.0-alpha-10.jar: CVE-2022-4244(7.5)
[ERROR] plexus-utils-1.2.jar: CVE-2022-4244(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-plexus-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #193
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/193/display/redirect?page=changes>
Changes:
[git] WW-5341 Refactor SecurityMemberAccess methods for reuse
[git] WW-5341 Clean up SecurityMemberAccess#restore
[git] WW-5341 Further refactor of OgnlUtil and SecurityMemberAccess to store excluded classes as Strings
[git] WW-5341 Move proxy check to be first
[git] WW-5341 Split package exclusion check
[git] WW-5341 Clean up OgnlUtilTest
[git] WW-5341 Add unit test for excluded pattern validation
[git] WW-5341 Fix default ClassLoader
[git] WW-5342 Ban use of default package
[git] WW-5341 Make validation more efficient
[git] WW-5339 Clean up OgnlValueStackTest
[git] WW-5339 Misc clean up in CompoundRootAccessor
[git] WW-5342 Implement default off option
[git] WW-5342 Optimise package exclusion check
[git] WW-5340 Refactor OgnlUtil, specifically calls to Ognl#getValue,setValue,parseExpression
[git] WW-5340 Remove redundant check on #setValue
[git] WW-5340 Rename functional interface
[git] WW-5340 Fix OgnlReflectionProvider bypassing OgnlUtil
[hepptho-github.sbd2s] replace BeanManager::createInjectionTarget
[hepptho-github.sbd2s] indent CdiObjectFactory with 4 spaces everywhere
[git] Split SonarCloud into separate action
[git] WW-5340 Introducing OGNL Guard
[git] WW-5340 Fix tests
[git] WW-5340 Make OgnlGuard a configurable bean
[git] WW-5340 Cache OgnlGuard result
[git] WW-5340 Add validation to excluded node configuration
[git] WW-5340 Add unit tests
[git] WW-5340 Refactor OgnlGuard to do the parsing
[git] WW-5340 Correct optimisation
[git] WW-5340 Rename DefaultOgnlGuard to StrutsOgnlGuard
[git] WW-5340 Repackage OgnlGuard
[git] WW-5340 Rename blocked by OgnlGuard string
[git] WW-5340 Make excludedNodeTypes protected for subclassing versatility
[git] WW-5348 Introduce protected #logPatternChange method
------------------------------------------
[...truncated 824.34 KB...]
[INFO] Running org.apache.tiles.request.reflect.ClassUtilTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.reflect.ClassUtilTest
[INFO] Running org.apache.tiles.web.jsp.taglib.UseAttributeTagTest
[INFO] Tests run: 9, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.053 s - in org.apache.tiles.web.jsp.taglib.UseAttributeTagTest
[INFO] Running org.apache.tiles.web.startup.AbstractTilesListenerTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.023 s - in org.apache.tiles.web.startup.AbstractTilesListenerTest
[INFO] Running org.apache.tiles.template.AddListAttributeModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.AddListAttributeModelTest
[INFO] Running org.apache.tiles.template.InsertDefinitionModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.InsertDefinitionModelTest
[INFO] Running org.apache.tiles.template.AddAttributeModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.template.AddAttributeModelTest
[INFO] Running org.apache.tiles.template.PutAttributeModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.PutAttributeModelTest
[INFO] Running org.apache.tiles.template.DefinitionModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.DefinitionModelTest
[INFO] Running org.apache.tiles.template.PutListAttributeModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.PutListAttributeModelTest
[INFO] Running org.apache.tiles.template.InsertTemplateModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.InsertTemplateModelTest
[INFO] Running org.apache.tiles.template.SetCurrentContainerModelTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.SetCurrentContainerModelTest
[INFO] Running org.apache.tiles.template.InsertAttributeModelTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.InsertAttributeModelTest
[INFO] Running org.apache.tiles.template.ImportAttributeModelTest
[INFO] Tests run: 9, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.ImportAttributeModelTest
[INFO] Running org.apache.tiles.template.GetAsStringModelTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.GetAsStringModelTest
[INFO] Running org.apache.tiles.template.DefaultAttributeResolverTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.DefaultAttributeResolverTest
[INFO] Running org.apache.tiles.template.ComposeStackUtilTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.ComposeStackUtilTest
[INFO] Running org.apache.tiles.autotag.model.TemplateClassTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.006 s - in org.apache.tiles.autotag.model.TemplateClassTest
[INFO] Running org.apache.tiles.autotag.model.TemplateParameterTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.autotag.model.TemplateParameterTest
[INFO] Running org.apache.tiles.autotag.model.TemplateSuiteTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.autotag.model.TemplateSuiteTest
[INFO] Running org.apache.tiles.autotag.model.TemplateMethodTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.autotag.model.TemplateMethodTest
[INFO] Running org.apache.tiles.autotag.runtime.AbstractModelBodyTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.005 s - in org.apache.tiles.autotag.runtime.AbstractModelBodyTest
[INFO] Running org.apache.tiles.autotag.runtime.util.NullWriterTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.autotag.runtime.util.NullWriterTest
[INFO] Running org.apache.tiles.autotag.jsp.JspTemplateGeneratorFactoryTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.045 s - in org.apache.tiles.autotag.jsp.JspTemplateGeneratorFactoryTest
[INFO] Running org.apache.tiles.autotag.jsp.TLDGeneratorTest
SLF4J: No SLF4J providers were found.
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See https://www.slf4j.org/codes.html#noProviders for further details.
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.433 s - in org.apache.tiles.autotag.jsp.TLDGeneratorTest
[INFO] Running org.apache.tiles.autotag.jsp.TagClassGeneratorTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.093 s - in org.apache.tiles.autotag.jsp.TagClassGeneratorTest
[INFO] Running org.apache.tiles.autotag.freemarker.FMTemplateGeneratorFactoryTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.autotag.freemarker.FMTemplateGeneratorFactoryTest
[INFO] Running org.apache.tiles.autotag.freemarker.FMModelGeneratorTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.041 s - in org.apache.tiles.autotag.freemarker.FMModelGeneratorTest
[INFO] Running org.apache.tiles.autotag.freemarker.FMModelRepositoryGeneratorTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.024 s - in org.apache.tiles.autotag.freemarker.FMModelRepositoryGeneratorTest
[INFO] Running org.apache.tiles.autotag.velocity.VelocityPropertiesGeneratorTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.023 s - in org.apache.tiles.autotag.velocity.VelocityPropertiesGeneratorTest
[INFO] Running org.apache.tiles.autotag.velocity.VelocityDirectiveGeneratorTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.034 s - in org.apache.tiles.autotag.velocity.VelocityDirectiveGeneratorTest
[INFO] Running org.apache.tiles.autotag.velocity.VelocityTemplateGeneratorFactoryTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.autotag.velocity.VelocityTemplateGeneratorFactoryTest
[INFO] Running org.apache.tiles.el.ScopeELResolverTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.003 s - in org.apache.tiles.el.ScopeELResolverTest
[INFO] Running org.apache.tiles.el.TilesContextBeanELResolverTest
[INFO] Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.el.TilesContextBeanELResolverTest
[INFO] Running org.apache.tiles.el.TilesContextELResolverTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.el.TilesContextELResolverTest
[INFO] Running org.apache.tiles.el.ELAttributeEvaluatorTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.057 s - in org.apache.tiles.el.ELAttributeEvaluatorTest
[INFO] Running org.apache.tiles.el.ELContextImplTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.009 s - in org.apache.tiles.el.ELContextImplTest
[INFO] Running org.apache.tiles.el.JspExpressionFactoryFactoryTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.007 s - in org.apache.tiles.el.JspExpressionFactoryFactoryTest
[INFO] Running org.apache.tiles.api.access.TilesAccessTest
[INFO] Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.access.TilesAccessTest
[INFO] Running org.apache.tiles.api.TilesContainerWrapperTest
[INFO] Tests run: 13, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.api.TilesContainerWrapperTest
[INFO] Running org.apache.tiles.api.ListAttributeTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.ListAttributeTest
[INFO] Running org.apache.tiles.api.NoSuchContainerExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.NoSuchContainerExceptionTest
[INFO] Running org.apache.tiles.api.ExpressionTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.api.ExpressionTest
[INFO] Running org.apache.tiles.api.preparer.PreparerExceptionTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.api.preparer.PreparerExceptionTest
[INFO] Running org.apache.tiles.api.AttributeTest
[INFO] Tests run: 14, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.AttributeTest
[INFO] Running org.apache.tiles.api.BasicAttributeContextTest
[INFO] Tests run: 20, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.BasicAttributeContextTest
[INFO] Running org.apache.tiles.api.TilesExceptionTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.api.TilesExceptionTest
[INFO] Running org.apache.struts2.tiles.StrutsTilesAnnotationProcessorTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.struts2.tiles.StrutsTilesAnnotationProcessorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 540, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-tiles-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 483 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 482 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-tiles-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-tiles-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-tiles-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-tiles-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-tiles-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-tiles-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (49 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2 Tiles Plugin:
commons-beanutils-1.9.4.jar (pkg:maven/commons-beanutils/commons-beanutils@1.9.4, cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.9.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester-2.1.jar (pkg:maven/commons-digester/commons-digester@2.1, cpe:2.3:a:apache:commons_net:2.1:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester3-3.2.jar (pkg:maven/org.apache.commons/commons-digester3@3.2, cpe:2.3:a:apache:commons_net:3.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
javax.el-3.0.1-b12.jar (pkg:maven/org.glassfish/javax.el@3.0.1-b12) : CVE-2021-28170
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [04:22 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 3.836 s]
[INFO] Struts 2 Core ...................................... SUCCESS [03:03 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 3.457 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 5.817 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 12.042 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 7.487 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 15.968 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 12.138 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 12.095 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 4.625 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 20.126 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.681 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 17.042 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 4.845 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 14.063 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 7.318 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 8.241 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 14.208 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 9.130 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 10.264 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 3.954 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SUCCESS [ 4.677 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 7.414 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 12.747 s]
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SUCCESS [ 8.477 s]
[INFO] Struts 2 Tiles Plugin .............................. FAILURE [ 17.422 s]
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 11:30 min
[INFO] Finished at: 2023-10-01T06:12:52Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-tiles-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] javax.el-3.0.1-b12.jar: CVE-2021-28170(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-tiles-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #192
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/192/display/redirect?page=changes>
Changes:
[Lukasz Lenart] Reverts version to 6.3.0-SNAPSHOT
[Lukasz Lenart] [maven-release-plugin] prepare release STRUTS_6_3_0
[Lukasz Lenart] [maven-release-plugin] prepare for next development iteration
[Lukasz Lenart] Moves all CI notifications to commits@ list
[github] Update .asf.yaml
[github] Bump actions/checkout from 3 to 4
[github] Bump actions/upload-artifact from 3.1.2 to 3.1.3
[github] Bump actions/cache from 3.3.1 to 3.3.2
[Lukasz Lenart] [maven-release-plugin] prepare release STRUTS_6_3_0_1
[Lukasz Lenart] [maven-release-plugin] prepare for next development iteration
[Lukasz Lenart] Always delete uploaded file
[Lukasz Lenart] [maven-release-plugin] prepare release STRUTS_6_3_0_1
[Lukasz Lenart] [maven-release-plugin] prepare for next development iteration
------------------------------------------
[...truncated 824.83 KB...]
[INFO] Tests run: 9, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.ImportAttributeModelTest
[INFO] Running org.apache.tiles.template.AddAttributeModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.AddAttributeModelTest
[INFO] Running org.apache.tiles.template.InsertAttributeModelTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.InsertAttributeModelTest
[INFO] Running org.apache.tiles.template.DefinitionModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.DefinitionModelTest
[INFO] Running org.apache.tiles.template.InsertDefinitionModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.InsertDefinitionModelTest
[INFO] Running org.apache.tiles.template.GetAsStringModelTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.GetAsStringModelTest
[INFO] Running org.apache.tiles.template.ComposeStackUtilTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.ComposeStackUtilTest
[INFO] Running org.apache.tiles.request.reflect.CannotInstantiateObjectExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.reflect.CannotInstantiateObjectExceptionTest
[INFO] Running org.apache.tiles.request.reflect.ClassUtilTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.reflect.ClassUtilTest
[INFO] Running org.apache.tiles.request.AbstractViewRequestTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.028 s - in org.apache.tiles.request.AbstractViewRequestTest
[INFO] Running org.apache.tiles.request.RequestExceptionTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.RequestExceptionTest
[INFO] Running org.apache.tiles.request.render.ChainedDelegateRendererTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.ChainedDelegateRendererTest
[INFO] Running org.apache.tiles.request.render.StringRendererTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.StringRendererTest
[INFO] Running org.apache.tiles.request.render.NoSuchRendererExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.NoSuchRendererExceptionTest
[INFO] Running org.apache.tiles.request.render.BasicRendererFactoryTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.BasicRendererFactoryTest
[INFO] Running org.apache.tiles.request.render.DispatchRendererTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.DispatchRendererTest
[INFO] Running org.apache.tiles.request.collection.MapEntryTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.MapEntryTest
[INFO] Running org.apache.tiles.request.collection.HeaderValuesCollectionTest
[INFO] Tests run: 16, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.002 s - in org.apache.tiles.request.collection.HeaderValuesCollectionTest
[INFO] Running org.apache.tiles.request.collection.RemovableKeySetTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.RemovableKeySetTest
[INFO] Running org.apache.tiles.request.collection.ReadOnlyEnumerationMapValuesCollectionTest
[INFO] Tests run: 16, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.003 s - in org.apache.tiles.request.collection.ReadOnlyEnumerationMapValuesCollectionTest
[INFO] Running org.apache.tiles.request.collection.ScopeMapEntrySetTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.003 s - in org.apache.tiles.request.collection.ScopeMapEntrySetTest
[INFO] Running org.apache.tiles.request.collection.ReadOnlyEnumerationMapTest
[INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.01 s - in org.apache.tiles.request.collection.ReadOnlyEnumerationMapTest
[INFO] Running org.apache.tiles.request.collection.MapEntryArrayValuesTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.MapEntryArrayValuesTest
[INFO] Running org.apache.tiles.request.collection.HeaderValuesMapEntrySetTest
[INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.HeaderValuesMapEntrySetTest
[INFO] Running org.apache.tiles.request.collection.AddableParameterMapTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.AddableParameterMapTest
[INFO] Running org.apache.tiles.request.collection.ScopeMapTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.ScopeMapTest
[INFO] Running org.apache.tiles.request.collection.HeaderValuesMapTest
[INFO] Tests run: 14, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.HeaderValuesMapTest
[INFO] Running org.apache.tiles.request.collection.CollectionUtilTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.CollectionUtilTest
[INFO] Running org.apache.tiles.request.collection.KeySetTest
[INFO] Tests run: 17, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.KeySetTest
[INFO] Running org.apache.tiles.request.collection.ReadOnlyEnumerationMapEntrySetTest
[INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.003 s - in org.apache.tiles.request.collection.ReadOnlyEnumerationMapEntrySetTest
[INFO] Running org.apache.tiles.request.AbstractClientRequestTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.018 s - in org.apache.tiles.request.AbstractClientRequestTest
[INFO] Running org.apache.tiles.request.AbstractRequestTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.009 s - in org.apache.tiles.request.AbstractRequestTest
[INFO] Running org.apache.tiles.request.ApplicationAccessTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.ApplicationAccessTest
[INFO] Running org.apache.tiles.request.locale.LocaleUtilTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.locale.LocaleUtilTest
[INFO] Running org.apache.tiles.request.locale.URLApplicationResourceTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.locale.URLApplicationResourceTest
[INFO] Running org.apache.tiles.request.locale.PostfixedApplicationResourceTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.locale.PostfixedApplicationResourceTest
[INFO] Running org.apache.tiles.request.DispatchRequestWrapperTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.DispatchRequestWrapperTest
[INFO] Running org.apache.tiles.request.NotAvailableFeatureExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.NotAvailableFeatureExceptionTest
[INFO] Running org.apache.tiles.web.jsp.taglib.UseAttributeTagTest
[INFO] Tests run: 9, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.03 s - in org.apache.tiles.web.jsp.taglib.UseAttributeTagTest
[INFO] Running org.apache.tiles.web.startup.AbstractTilesListenerTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.01 s - in org.apache.tiles.web.startup.AbstractTilesListenerTest
[INFO] Running org.apache.tiles.api.TilesContainerWrapperTest
[INFO] Tests run: 13, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.api.TilesContainerWrapperTest
[INFO] Running org.apache.tiles.api.AttributeTest
[INFO] Tests run: 14, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.AttributeTest
[INFO] Running org.apache.tiles.api.TilesExceptionTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.TilesExceptionTest
[INFO] Running org.apache.tiles.api.BasicAttributeContextTest
[INFO] Tests run: 20, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.BasicAttributeContextTest
[INFO] Running org.apache.tiles.api.preparer.PreparerExceptionTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.api.preparer.PreparerExceptionTest
[INFO] Running org.apache.tiles.api.access.TilesAccessTest
[INFO] Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.access.TilesAccessTest
[INFO] Running org.apache.tiles.api.NoSuchContainerExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.NoSuchContainerExceptionTest
[INFO] Running org.apache.tiles.api.ListAttributeTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.ListAttributeTest
[INFO] Running org.apache.tiles.api.ExpressionTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.api.ExpressionTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 540, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-tiles-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 483 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 482 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-tiles-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-tiles-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-tiles-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-tiles-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-tiles-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-tiles-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (37 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2 Tiles Plugin:
commons-beanutils-1.9.4.jar (pkg:maven/commons-beanutils/commons-beanutils@1.9.4, cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.9.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester-2.1.jar (pkg:maven/commons-digester/commons-digester@2.1, cpe:2.3:a:apache:commons_net:2.1:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester3-3.2.jar (pkg:maven/org.apache.commons/commons-digester3@3.2, cpe:2.3:a:apache:commons_net:3.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
javax.el-3.0.1-b12.jar (pkg:maven/org.glassfish/javax.el@3.0.1-b12) : CVE-2021-28170
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [04:07 min]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.593 s]
[INFO] Struts 2 Core ...................................... SUCCESS [01:56 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.315 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 4.134 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 7.225 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 4.956 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 9.460 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 7.711 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 8.886 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.371 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 12.245 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.204 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 10.696 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.137 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 9.508 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 4.121 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.127 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 9.085 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 6.092 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 6.904 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 2.284 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SUCCESS [ 2.892 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 4.818 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 8.663 s]
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SUCCESS [ 5.710 s]
[INFO] Struts 2 Tiles Plugin .............................. FAILURE [ 11.532 s]
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 08:42 min
[INFO] Finished at: 2023-09-22T06:09:59Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-tiles-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] javax.el-3.0.1-b12.jar: CVE-2021-28170(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-tiles-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #191
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/191/display/redirect?page=changes>
Changes:
[git] WW-5336 Tidy up FreemarkerManager
[git] WW-5336 Deprecate OgnlTool
[git] WW-5336 Clean up StrutsUtil
[git] WW-5336 Deprecate OGNL in template context
[git] WW-5336 Reduce cognitive complexity #makeSelectList
[git] WW-5336 Switch to HashMap as concurrency handling not required
[git] WW-5336 Update JavaDoc VelocityManager
[Lukasz Lenart] Drops duplicated dependency
[git] WW-5336 Fix visibility warnings
[git] WW-5336 Correct assertions and add test case
[git] WW-5336 Move XML comment to be clearer
[Lukasz Lenart] [maven-release-plugin] prepare release STRUTS_6_3_0
[Lukasz Lenart] [maven-release-plugin] prepare for next development iteration
[git] WW-5334 Fix empty chained context name
------------------------------------------
[...truncated 837.21 KB...]
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.SetCurrentContainerModelTest
[INFO] Running org.apache.tiles.template.ImportAttributeModelTest
[INFO] Tests run: 9, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.ImportAttributeModelTest
[INFO] Running org.apache.tiles.template.InsertAttributeModelTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.InsertAttributeModelTest
[INFO] Running org.apache.tiles.template.PutListAttributeModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.PutListAttributeModelTest
[INFO] Running org.apache.tiles.template.GetAsStringModelTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.GetAsStringModelTest
[INFO] Running org.apache.tiles.template.PutAttributeModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.PutAttributeModelTest
[INFO] Running org.apache.tiles.template.InsertDefinitionModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.InsertDefinitionModelTest
[INFO] Running org.apache.tiles.template.ComposeStackUtilTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.ComposeStackUtilTest
[INFO] Running org.apache.tiles.template.AddListAttributeModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.AddListAttributeModelTest
[INFO] Running org.apache.tiles.template.InsertTemplateModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.InsertTemplateModelTest
[INFO] Running org.apache.tiles.template.DefinitionModelTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.template.DefinitionModelTest
[INFO] Running org.apache.tiles.core.definition.DefinitionsFactoryExceptionTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.DefinitionsFactoryExceptionTest
[INFO] Running org.apache.tiles.core.definition.pattern.PrefixedPatternDefinitionResolverTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.pattern.PrefixedPatternDefinitionResolverTest
[INFO] Running org.apache.tiles.core.definition.pattern.PatternUtilTest
[INFO] Tests run: 11, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.pattern.PatternUtilTest
[INFO] Running org.apache.tiles.core.definition.pattern.AbstractPatternDefinitionResolverTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.pattern.AbstractPatternDefinitionResolverTest
[INFO] Running org.apache.tiles.core.definition.pattern.wildcard.WildcardDefinitionPatternMatcherFactoryTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.pattern.wildcard.WildcardDefinitionPatternMatcherFactoryTest
[INFO] Running org.apache.tiles.core.definition.pattern.wildcard.WildcardDefinitionPatternMatcherTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.pattern.wildcard.WildcardDefinitionPatternMatcherTest
[INFO] Running org.apache.tiles.core.definition.pattern.regexp.RegexpDefinitionPatternMatcherFactoryTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.pattern.regexp.RegexpDefinitionPatternMatcherFactoryTest
[INFO] Running org.apache.tiles.core.definition.pattern.regexp.RegexpDefinitionPatternMatcherTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.pattern.regexp.RegexpDefinitionPatternMatcherTest
[INFO] Running org.apache.tiles.core.definition.pattern.BasicPatternDefinitionResolverTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.pattern.BasicPatternDefinitionResolverTest
[INFO] Running org.apache.tiles.core.definition.dao.BaseLocaleUrlDefinitionDAOTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.125 s - in org.apache.tiles.core.definition.dao.BaseLocaleUrlDefinitionDAOTest
[INFO] Running org.apache.tiles.core.definition.dao.CachingLocaleUrlDefinitionDAOTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.149 s - in org.apache.tiles.core.definition.dao.CachingLocaleUrlDefinitionDAOTest
[INFO] Running org.apache.tiles.core.definition.dao.ResolvingLocaleUrlDefinitionDAOTest
[INFO] Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.096 s - in org.apache.tiles.core.definition.dao.ResolvingLocaleUrlDefinitionDAOTest
[INFO] Running org.apache.tiles.core.definition.UnresolvingLocaleDefinitionsFactoryTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.UnresolvingLocaleDefinitionsFactoryTest
[INFO] Running org.apache.tiles.core.definition.digester.DigesterDefinitionsReaderExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.digester.DigesterDefinitionsReaderExceptionTest
[INFO] Running org.apache.tiles.core.definition.NoSuchDefinitionExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.definition.NoSuchDefinitionExceptionTest
[INFO] Running org.apache.tiles.core.util.CombinedBeanInfoTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.util.CombinedBeanInfoTest
[INFO] Running org.apache.tiles.core.evaluator.EvaluatorExceptionTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.evaluator.EvaluatorExceptionTest
[INFO] Running org.apache.tiles.core.evaluator.BasicAttributeEvaluatorFactoryTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.evaluator.BasicAttributeEvaluatorFactoryTest
[INFO] Running org.apache.tiles.core.evaluator.impl.DirectAttributeEvaluatorTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.evaluator.impl.DirectAttributeEvaluatorTest
[INFO] Running org.apache.tiles.core.renderer.DefinitionRendererTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.renderer.DefinitionRendererTest
[INFO] Running org.apache.tiles.core.factory.NoSuchPreparerExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.factory.NoSuchPreparerExceptionTest
[INFO] Running org.apache.tiles.core.factory.BasicTilesContainerFactoryTest
[INFO] Tests run: 12, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.factory.BasicTilesContainerFactoryTest
[INFO] Running org.apache.tiles.core.factory.BasicPreparerFactoryTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.factory.BasicPreparerFactoryTest
[INFO] Running org.apache.tiles.core.factory.TilesContainerFactoryExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.factory.TilesContainerFactoryExceptionTest
[INFO] Running org.apache.tiles.core.startup.AbstractTilesInitializerTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.startup.AbstractTilesInitializerTest
[INFO] Running org.apache.tiles.core.impl.DefaultLocaleResolverTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.impl.DefaultLocaleResolverTest
[INFO] Running org.apache.tiles.core.impl.BasicTilesContainerTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.impl.BasicTilesContainerTest
[INFO] Running org.apache.tiles.core.impl.mgmt.CachingTilesContainerTest
[INFO] Tests run: 11, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.impl.mgmt.CachingTilesContainerTest
[INFO] Running org.apache.tiles.core.impl.CannotRenderExceptionTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.impl.CannotRenderExceptionTest
[INFO] Running org.apache.tiles.core.impl.BasicTilesContainerUnitTest
[INFO] Tests run: 30, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.003 s - in org.apache.tiles.core.impl.BasicTilesContainerUnitTest
[INFO] Running org.apache.tiles.core.impl.InvalidTemplateExceptionTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.core.impl.InvalidTemplateExceptionTest
[INFO] Running org.apache.tiles.ognl.DelegatePropertyAccessorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.009 s - in org.apache.tiles.ognl.DelegatePropertyAccessorTest
[INFO] Running org.apache.tiles.ognl.TilesContextPropertyAccessorDelegateFactoryTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.ognl.TilesContextPropertyAccessorDelegateFactoryTest
[INFO] Running org.apache.tiles.ognl.ScopePropertyAccessorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.ognl.ScopePropertyAccessorTest
[INFO] Running org.apache.tiles.ognl.AnyScopePropertyAccessorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.ognl.AnyScopePropertyAccessorTest
[INFO] Running org.apache.tiles.ognl.OGNLAttributeEvaluatorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.046 s - in org.apache.tiles.ognl.OGNLAttributeEvaluatorTest
[INFO] Running org.apache.tiles.ognl.NestedObjectDelegatePropertyAccessorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.ognl.NestedObjectDelegatePropertyAccessorTest
[INFO] Running org.apache.tiles.ognl.TilesApplicationContextNestedObjectExtractorTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.ognl.TilesApplicationContextNestedObjectExtractorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 540, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-tiles-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 483 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 482 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.4.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-tiles-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-tiles-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-tiles-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-tiles-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.4.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-tiles-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-tiles-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (40 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2 Tiles Plugin:
commons-beanutils-1.9.4.jar (pkg:maven/commons-beanutils/commons-beanutils@1.9.4, cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.9.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester-2.1.jar (pkg:maven/commons-digester/commons-digester@2.1, cpe:2.3:a:apache:commons_net:2.1:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester3-3.2.jar (pkg:maven/org.apache.commons/commons-digester3@3.2, cpe:2.3:a:apache:commons_net:3.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
javax.el-3.0.1-b12.jar (pkg:maven/org.glassfish/javax.el@3.0.1-b12) : CVE-2021-28170
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.4.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [ 52.141 s]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.438 s]
[INFO] Struts 2 Core ...................................... SUCCESS [01:54 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.264 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 3.701 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 6.658 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 4.296 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 9.236 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 7.353 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 7.537 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.163 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 11.920 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.165 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 9.771 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.117 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 7.010 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 3.837 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 4.701 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 8.429 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 5.518 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 6.647 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 2.115 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SUCCESS [ 2.893 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 4.396 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 7.814 s]
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SUCCESS [ 5.194 s]
[INFO] Struts 2 Tiles Plugin .............................. FAILURE [ 11.740 s]
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:13 min
[INFO] Finished at: 2023-09-01T06:06:33Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-tiles-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] javax.el-3.0.1-b12.jar: CVE-2021-28170(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-tiles-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #190
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/190/display/redirect?page=changes>
Changes:
[Lukasz Lenart] WW-5233 Introduces Tiles base code into the Tiles plugin
[Lukasz Lenart] WW-5233 Disables XML external entity parsing
[Lukasz Lenart] [maven-release-plugin] prepare release STRUTS_6_3_0_RC1
[Lukasz Lenart] [maven-release-plugin] prepare for next development iteration
[Lukasz Lenart] WW-5327 Stops using JavaBeans notation for setters
[Lukasz Lenart] Excludes BeanMap
[Lukasz Lenart] Ignores class existence
[Lukasz Lenart] Extends exclusion list
[Lukasz Lenart] WW-5327 Makes deprecated setters operational
[Lukasz Lenart] WW-5327 Makes deprecated setters operational
[Lukasz Lenart] WW-5329 Upgrades xstream to version 1.4.20
[github] Update StreamResult.java
[git] WW-5332 Add validation for package name parsing
[git] WW-5332 Add additional test cases
[Lukasz Lenart] WW-5331 Uses proper signature of get()
[Lukasz Lenart] Defines a proper CODEOWNERS file
[Lukasz Lenart] WW-5327 Removes duplicated exclusion
[Lukasz Lenart] Increases wait time to avoid failing test
[Lukasz Lenart] Uses Java 17 to perform Code Quality check
[Lukasz Lenart] WW-5327 Removes all duplicated excluded classes
[Lukasz Lenart] Uses verify phase instead of just test to run integration tests
[Lukasz Lenart] Reverts to test phase only when running on JDK 8 & 11 to avoid integration tests clash
[Lukasz Lenart] WW-5331 Covers new logic with tests
[Lukasz Lenart] WW-5331 Adds missing header with licence
[Lukasz Lenart] WW-5331 Adds tests covering ApplicationMap
[git] WW-5334 Correct struts2-xslt-plugin pom
[git] WW-5334 Plugins don't need to include core as compile scope
[git] WW-5334 Include Mockito as test dependency for all plugins
[git] WW-5334 Fix Portlet plugin dependency scopes
[git] WW-5334 Fix Junit module README
[git] WW-5334 Remove unnecessary Mockito exclusion
[git] WW-5334 Extract Portlet test case into own module
[git] WW-5334 Remove redundant declaration of javax.servlet-api
[git] WW-5334 Extract javax.servlet-api into parent POM
[git] WW-5334 Add struts2-junit-plugin as test scope to struts2-velocity-plugin
[git] WW-5334 Extract StrutsPortletTestCaseTest and fix tests
[git] WW-5334 Clean up bean-validation pom
[git] WW-5334 Lift log4j dependencies
[git] WW-5334 Remove redundant dependency from portlet pom
[git] WW-5334 Misc corrections
[git] WW-5334 Remove unnecessary Spring override
[git] WW-5334 Remove plugin dependency on commons-lang3 (provided by core)
[git] WW-5334 Remove other unneeded declarations
[git] WW-5334 Fix log4j binding
[git] WW-5334 Delete unneeded override (moved to StrutsPortletTestCaseTest)
[git] WW-5334 Remove unused imports ContextUtil
[git] WW-5334 Clean up VelocityStrutsUtil
[git] WW-5334 Clean up VelocityManager#applyDefaultConfiguration
[git] WW-5334 Clean up VelocityManager context creation
[git] WW-5334 Remove unused import XWorkTestCase
[git] WW-5334 Modernise VelocityResultTest
[git] WW-5334 Add basic unit tests for VelocityManager
[git] WW-5334 Fix license for VelocityManagerTest
[git] WW-5334 Add AssertJ as default plugin test dependency
[git] WW-5334 Add further unit tests to VelocityManagerTest
[git] WW-5334 Extract ConventionJUnit4Test into correct module
[Lukasz Lenart] WW-5331 Adds missing @Override annotations
[git] WW-5337 Catch PatternSyntaxException and ensure ConfigurationException thrown
[git] WW-5337 Minor clean up OgnlUtil
[git] WW-5337 Strip trailing periods from package names provided as not needed
[git] WW-5337 Make #isExcludedPackageNamePatterns more succinct
[git] WW-5337 Make #isClassExcluded (semantics changes) and #isExcludedPackageExempt constant time
[git] WW-5337 Make #isExcludedPackageNames runtime proportional to no. of package parts rather than no. of excluded packages
[git] WW-5337 Update struts-excluded-classes.xml to not have trailing periods
[git] WW-5337 Revert Object special handling
[git] WW-5337 Drop superinterface/superclass banning test
[git] WW-5337 Fix #testPackageNameExclusionAsCommaDelimited
[git] WW-5337 Initialise default exclusions one-time in SecurityMemberAccess (more performant)
------------------------------------------
[...truncated 805.19 KB...]
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.autotag.freemarker.FMTemplateGeneratorFactoryTest
[INFO] Running org.apache.tiles.autotag.model.TemplateParameterTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.autotag.model.TemplateParameterTest
[INFO] Running org.apache.tiles.autotag.model.TemplateClassTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.004 s - in org.apache.tiles.autotag.model.TemplateClassTest
[INFO] Running org.apache.tiles.autotag.model.TemplateSuiteTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.003 s - in org.apache.tiles.autotag.model.TemplateSuiteTest
[INFO] Running org.apache.tiles.autotag.model.TemplateMethodTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.autotag.model.TemplateMethodTest
[INFO] Running org.apache.tiles.ognl.NestedObjectDelegatePropertyAccessorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.021 s - in org.apache.tiles.ognl.NestedObjectDelegatePropertyAccessorTest
[INFO] Running org.apache.tiles.ognl.TilesContextPropertyAccessorDelegateFactoryTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.ognl.TilesContextPropertyAccessorDelegateFactoryTest
[INFO] Running org.apache.tiles.ognl.AnyScopePropertyAccessorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.ognl.AnyScopePropertyAccessorTest
[INFO] Running org.apache.tiles.ognl.OGNLAttributeEvaluatorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.057 s - in org.apache.tiles.ognl.OGNLAttributeEvaluatorTest
[INFO] Running org.apache.tiles.ognl.TilesApplicationContextNestedObjectExtractorTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.ognl.TilesApplicationContextNestedObjectExtractorTest
[INFO] Running org.apache.tiles.ognl.ScopePropertyAccessorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.ognl.ScopePropertyAccessorTest
[INFO] Running org.apache.tiles.ognl.DelegatePropertyAccessorTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.ognl.DelegatePropertyAccessorTest
[INFO] Running org.apache.tiles.request.AbstractRequestTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.009 s - in org.apache.tiles.request.AbstractRequestTest
[INFO] Running org.apache.tiles.request.AbstractViewRequestTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.022 s - in org.apache.tiles.request.AbstractViewRequestTest
[INFO] Running org.apache.tiles.request.RequestExceptionTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.RequestExceptionTest
[INFO] Running org.apache.tiles.request.reflect.CannotInstantiateObjectExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.reflect.CannotInstantiateObjectExceptionTest
[INFO] Running org.apache.tiles.request.reflect.ClassUtilTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.reflect.ClassUtilTest
[INFO] Running org.apache.tiles.request.DispatchRequestWrapperTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.DispatchRequestWrapperTest
[INFO] Running org.apache.tiles.request.render.ChainedDelegateRendererTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.ChainedDelegateRendererTest
[INFO] Running org.apache.tiles.request.render.DispatchRendererTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.DispatchRendererTest
[INFO] Running org.apache.tiles.request.render.BasicRendererFactoryTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.BasicRendererFactoryTest
[INFO] Running org.apache.tiles.request.render.StringRendererTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.StringRendererTest
[INFO] Running org.apache.tiles.request.render.NoSuchRendererExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.render.NoSuchRendererExceptionTest
[INFO] Running org.apache.tiles.request.AbstractClientRequestTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.005 s - in org.apache.tiles.request.AbstractClientRequestTest
[INFO] Running org.apache.tiles.request.NotAvailableFeatureExceptionTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.NotAvailableFeatureExceptionTest
[INFO] Running org.apache.tiles.request.collection.AddableParameterMapTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.AddableParameterMapTest
[INFO] Running org.apache.tiles.request.collection.HeaderValuesMapTest
[INFO] Tests run: 14, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.003 s - in org.apache.tiles.request.collection.HeaderValuesMapTest
[INFO] Running org.apache.tiles.request.collection.ScopeMapTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.ScopeMapTest
[INFO] Running org.apache.tiles.request.collection.MapEntryArrayValuesTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.MapEntryArrayValuesTest
[INFO] Running org.apache.tiles.request.collection.MapEntryTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.MapEntryTest
[INFO] Running org.apache.tiles.request.collection.ReadOnlyEnumerationMapTest
[INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.008 s - in org.apache.tiles.request.collection.ReadOnlyEnumerationMapTest
[INFO] Running org.apache.tiles.request.collection.ScopeMapEntrySetTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.ScopeMapEntrySetTest
[INFO] Running org.apache.tiles.request.collection.CollectionUtilTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.CollectionUtilTest
[INFO] Running org.apache.tiles.request.collection.ReadOnlyEnumerationMapEntrySetTest
[INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.001 s - in org.apache.tiles.request.collection.ReadOnlyEnumerationMapEntrySetTest
[INFO] Running org.apache.tiles.request.collection.KeySetTest
[INFO] Tests run: 17, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.004 s - in org.apache.tiles.request.collection.KeySetTest
[INFO] Running org.apache.tiles.request.collection.ReadOnlyEnumerationMapValuesCollectionTest
[INFO] Tests run: 16, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.005 s - in org.apache.tiles.request.collection.ReadOnlyEnumerationMapValuesCollectionTest
[INFO] Running org.apache.tiles.request.collection.HeaderValuesMapEntrySetTest
[INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.004 s - in org.apache.tiles.request.collection.HeaderValuesMapEntrySetTest
[INFO] Running org.apache.tiles.request.collection.RemovableKeySetTest
[INFO] Tests run: 4, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.collection.RemovableKeySetTest
[INFO] Running org.apache.tiles.request.collection.HeaderValuesCollectionTest
[INFO] Tests run: 16, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.002 s - in org.apache.tiles.request.collection.HeaderValuesCollectionTest
[INFO] Running org.apache.tiles.request.ApplicationAccessTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.ApplicationAccessTest
[INFO] Running org.apache.tiles.request.locale.LocaleUtilTest
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.locale.LocaleUtilTest
[INFO] Running org.apache.tiles.request.locale.PostfixedApplicationResourceTest
[INFO] Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.locale.PostfixedApplicationResourceTest
[INFO] Running org.apache.tiles.request.locale.URLApplicationResourceTest
[INFO] Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.request.locale.URLApplicationResourceTest
[INFO] Running org.apache.tiles.el.JspExpressionFactoryFactoryTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.007 s - in org.apache.tiles.el.JspExpressionFactoryFactoryTest
[INFO] Running org.apache.tiles.el.ScopeELResolverTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.008 s - in org.apache.tiles.el.ScopeELResolverTest
[INFO] Running org.apache.tiles.el.TilesContextELResolverTest
[INFO] Tests run: 7, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.003 s - in org.apache.tiles.el.TilesContextELResolverTest
[INFO] Running org.apache.tiles.el.ELAttributeEvaluatorTest
[INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.039 s - in org.apache.tiles.el.ELAttributeEvaluatorTest
[INFO] Running org.apache.tiles.el.TilesContextBeanELResolverTest
[INFO] Tests run: 10, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0 s - in org.apache.tiles.el.TilesContextBeanELResolverTest
[INFO] Running org.apache.tiles.el.ELContextImplTest
[INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.009 s - in org.apache.tiles.el.ELContextImplTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 540, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-tiles-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 483 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 482 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.3.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-tiles-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-tiles-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-tiles-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-tiles-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-6.3.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-tiles-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-tiles-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (6 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/tiles/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2 Tiles Plugin:
commons-beanutils-1.9.4.jar (pkg:maven/commons-beanutils/commons-beanutils@1.9.4, cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.9.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester-2.1.jar (pkg:maven/commons-digester/commons-digester@2.1, cpe:2.3:a:apache:commons_net:2.1:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester3-3.2.jar (pkg:maven/org.apache.commons/commons-digester3@3.2, cpe:2.3:a:apache:commons_net:3.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
javax.el-3.0.1-b12.jar (pkg:maven/org.glassfish/javax.el@3.0.1-b12) : CVE-2021-28170
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.3.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... SUCCESS [ 10.418 s]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.291 s]
[INFO] Struts 2 Core ...................................... SUCCESS [01:48 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 2.170 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 3.372 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 6.099 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 4.076 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 9.331 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 7.532 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 7.061 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.478 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 12.092 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 2.684 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 8.776 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 2.747 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 6.952 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 3.475 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 4.666 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 8.340 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 4.884 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SUCCESS [ 6.357 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SUCCESS [ 1.924 s]
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SUCCESS [ 2.611 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 4.103 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 8.005 s]
[INFO] DEPRECATED: Struts 2 Portlet JUnit Plugin - since 6.3.0 SUCCESS [ 4.986 s]
[INFO] Struts 2 Tiles Plugin .............................. FAILURE [ 11.181 s]
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 04:20 min
[INFO] Finished at: 2023-08-22T06:05:45Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-tiles-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] javax.el-3.0.1-b12.jar: CVE-2021-28170(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-tiles-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #189
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/189/display/redirect?page=changes>
Changes:
[github] Bump net.sf.jasperreports:jasperreports from 6.19.1 to 6.20.5
[github] Bump jackson.version from 2.14.1 to 2.15.2
[Lukasz Lenart] Unifies versions
[Lukasz Lenart] Reverts JAXB implementation to pre-Jakarta version
[Lukasz Lenart] WW-5325 Upgrades commons-lang3 to version 3.13.0
------------------------------------------
[...truncated 846.40 KB...]
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO]
[INFO] ---------------< org.apache.struts:struts2-oval-plugin >----------------
[INFO] Building DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 6.3.0-SNAPSHOT [23/38]
[INFO] from plugins/oval/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-oval-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 4 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java> uses or overrides a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: Recompile with -Xlint:deprecation for details.
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 17 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/test-classes>
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Aug 01, 2023 6:05:23 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@16d04d3d
Aug 01, 2023 6:05:23 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@f2ff811
Aug 01, 2023 6:05:23 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1e683a3e
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@71ba6d4e
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@723ca036
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@2235eaab
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@560348e6
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6aa61224
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6bb75258
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@72a85671
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@51e4ccb3
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@70fab835
Aug 01, 2023 6:05:24 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@71f67a79
Aug 01, 2023 6:05:25 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5a2f016d
Aug 01, 2023 6:05:25 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1e8823d2
Aug 01, 2023 6:05:25 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@41c89d2f
Aug 01, 2023 6:05:25 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@32fdec40
Aug 01, 2023 6:05:25 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@73d69c0f
Aug 01, 2023 6:05:25 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@48bfb884
Aug 01, 2023 6:05:25 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@368d5c00
Aug 01, 2023 6:05:25 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@660591fb
Aug 01, 2023 6:05:25 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@660591fb
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.387 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.3.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.3.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (6 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.13.0.jar (pkg:maven/commons-io/commons-io@2.13.0, cpe:2.3:a:apache:commons_io:2.13.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.13.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.3.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 1.437 s]
[INFO] Struts 2 ........................................... SUCCESS [ 11.103 s]
[INFO] Struts 2 Core ...................................... SUCCESS [01:56 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 3.131 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 3.979 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 6.662 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 4.744 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 5.122 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.263 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 11.494 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.197 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 9.870 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 2.995 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 8.273 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 4.635 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 7.511 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 7.600 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 7.156 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 3.650 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.162 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 8.816 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 5.390 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 6.229 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 04:09 min
[INFO] Finished at: 2023-08-01T06:05:28Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #188
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/188/display/redirect?page=changes>
Changes:
[Lukasz Lenart] WW-5315 Upgrades ASM to version 9.5
[Lukasz Lenart] WW-5316 Upgrades commons-io to version 2.13.0
[Lukasz Lenart] WW-5317 Upgrades log4j to version 2.20.0
[Sebastian.Peters] Update maven-dependency-plugin to 3.6.0
[Sebastian.Peters] Migrate legacy dependency-maven-plugin from codehaus
[Herve Boutemy] WW-5320 upgrade Felix Maven Bundle Plugin
[Lukasz Lenart] WW-5318 Upgrades slf4j to version 2.0.7
[Lukasz Lenart] Adds missing Dependabot config
[github] Bump osgi.core from 7.0.0 to 8.0.0
[github] Bump actions/upload-artifact from 3.1.0 to 3.1.2
[github] Bump stax2-api from 4.2 to 4.2.1
[github] Bump ossf/scorecard-action from 2.0.6 to 2.2.0
[github] Bump actions/cache from 3.0.8 to 3.3.1
[github] Bump assertj-core from 3.15.0 to 3.24.2
[github] Bump jaxb-impl from 2.3.2 to 4.0.3
------------------------------------------
[...truncated 808.88 KB...]
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester-2.1.jar (pkg:maven/commons-digester/commons-digester@2.1, cpe:2.3:a:apache:commons_net:2.1:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester3-3.2.jar (pkg:maven/org.apache.commons/commons-digester3@3.2, cpe:2.3:a:apache:commons_net:3.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.13.0.jar (pkg:maven/commons-io/commons-io@2.13.0, cpe:2.3:a:apache:commons_io:2.13.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.13.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO]
[INFO] ---------------< org.apache.struts:struts2-oval-plugin >----------------
[INFO] Building DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 6.3.0-SNAPSHOT [23/38]
[INFO] from plugins/oval/pom.xml
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-oval-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- bundle:5.1.9:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Jul 22, 2023 6:08:36 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@16d04d3d
Jul 22, 2023 6:08:36 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@f2ff811
Jul 22, 2023 6:08:36 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1e683a3e
Jul 22, 2023 6:08:37 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@71ba6d4e
Jul 22, 2023 6:08:37 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@723ca036
Jul 22, 2023 6:08:37 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@2235eaab
Jul 22, 2023 6:08:37 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@560348e6
Jul 22, 2023 6:08:37 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6aa61224
Jul 22, 2023 6:08:37 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6bb75258
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@72a85671
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@51e4ccb3
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@70fab835
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@71f67a79
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5a2f016d
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1e8823d2
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@41c89d2f
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@32fdec40
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@73d69c0f
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@48bfb884
Jul 22, 2023 6:08:38 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@76911385
Jul 22, 2023 6:08:39 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@7ca0863b
Jul 22, 2023 6:08:39 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@7ca0863b
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 3.63 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.3.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.3.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (66 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (3 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.13.0.jar (pkg:maven/commons-io/commons-io@2.13.0, cpe:2.3:a:apache:commons_io:2.13.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.13.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.3.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 3.064 s]
[INFO] Struts 2 ........................................... SUCCESS [01:08 min]
[INFO] Struts 2 Core ...................................... SUCCESS [03:10 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 4.994 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 5.769 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 10.293 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 8.322 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 8.656 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 5.279 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 17.079 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.666 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 12.910 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 4.988 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 13.275 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 7.252 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 11.629 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 11.622 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 13.476 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 5.985 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 7.831 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 12.882 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 8.415 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 10.193 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 07:29 min
[INFO] Finished at: 2023-07-22T06:08:44Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #187
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/187/display/redirect?page=changes>
Changes:
[Lukasz Lenart] WW-5310 Supports fragment in URL
[git] WW-5314 Do not log warnings for bad user input from JakartaMultiPartRequest
[git] WW-5314 Update log level in JakartaStreamMultiPartRequest
[Lukasz Lenart] WW-5310 Deprecates the old API in favour of new one
[Lukasz Lenart] [maven-release-plugin] prepare release STRUTS_6_2_0
[Lukasz Lenart] [maven-release-plugin] prepare for next development iteration
[Lukasz Lenart] Enables Dependabot updates
------------------------------------------
[...truncated 837.25 KB...]
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 4 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java> uses or overrides a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: Recompile with -Xlint:deprecation for details.
[INFO]
[INFO] --- bundle:5.1.6:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 17 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/test-classes>
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Jul 01, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3a93b025
Jul 01, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@37f1104d
Jul 01, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@24fcf36f
Jul 01, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@20140db9
Jul 01, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@433defed
Jul 01, 2023 6:11:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@448c8166
Jul 01, 2023 6:11:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5f20155b
Jul 01, 2023 6:11:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@45a4b042
Jul 01, 2023 6:11:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@485a3466
Jul 01, 2023 6:11:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5be067de
Jul 01, 2023 6:11:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1255b1d1
Jul 01, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@47428937
Jul 01, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@aa22f1c
Jul 01, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6831d8fd
Jul 01, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@30457e14
Jul 01, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@150d80c4
Jul 01, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31611954
Jul 01, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@400d912a
Jul 01, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@511d5d04
Jul 01, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4bdc8b5d
Jul 01, 2023 6:11:45 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
Jul 01, 2023 6:11:45 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 3.776 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.3.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.3.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (44 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.3.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.114 s]
[INFO] Struts 2 ........................................... SUCCESS [04:24 min]
[INFO] Struts 2 Core ...................................... SUCCESS [03:14 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 4.870 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 6.069 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 11.277 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 8.330 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 8.576 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 6.113 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 18.208 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.961 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 15.062 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 5.041 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 13.823 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 7.430 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 12.296 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 11.933 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 13.445 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 6.580 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 8.095 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 15.091 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 8.887 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 9.798 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 10:58 min
[INFO] Finished at: 2023-07-01T06:11:49Z
[INFO] ------------------------------------------------------------------------
[WARNING]
[WARNING] Plugin validation issues were detected in 14 plugin(s)
[WARNING]
[WARNING] * org.apache.maven.plugins:maven-jar-plugin:3.2.0
[WARNING] * org.apache.maven.plugins:maven-compiler-plugin:3.8.1
[WARNING] * org.apache.maven.plugins:maven-enforcer-plugin:3.1.0
[WARNING] * org.apache.felix:maven-bundle-plugin:5.1.6
[WARNING] * com.cj.jshintmojo:jshint-maven-plugin:1.6.0
[WARNING] * org.apache.maven.plugins:maven-source-plugin:3.2.1
[WARNING] * org.apache.maven.plugins:maven-resources-plugin:3.1.0
[WARNING] * org.apache.maven.plugins:maven-site-plugin:3.9.0
[WARNING] * org.apache.maven.plugins:maven-site-plugin:3.7.1
[WARNING] * org.apache.maven.plugins:maven-remote-resources-plugin:1.6.0
[WARNING] * org.apache.maven.plugins:maven-enforcer-plugin:1.4.1
[WARNING] * org.owasp:dependency-check-maven:7.2.0
[WARNING] * org.apache.rat:apache-rat-plugin:0.15
[WARNING] * org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M7
[WARNING]
[WARNING] For more or less details, use 'maven.plugin.validation' property with one of the values (case insensitive): [BRIEF, DEFAULT, VERBOSE]
[WARNING]
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #186
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/186/display/redirect?page=changes>
Changes:
[Lukasz Lenart] WW-5261 Avoids creating ValueStack if no ActionContext is available
[Yasser Zamani] add some improvements
------------------------------------------
[...truncated 865.21 KB...]
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 4 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java> uses or overrides a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: Recompile with -Xlint:deprecation for details.
[INFO]
[INFO] --- bundle:5.1.6:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 17 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/test-classes>
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Jun 22, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3a93b025
Jun 22, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@37f1104d
Jun 22, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@24fcf36f
Jun 22, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@20140db9
Jun 22, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@433defed
Jun 22, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@448c8166
Jun 22, 2023 6:06:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5f20155b
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@45a4b042
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@485a3466
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5be067de
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1255b1d1
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@47428937
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@aa22f1c
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6831d8fd
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@30457e14
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@150d80c4
Jun 22, 2023 6:06:21 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31611954
Jun 22, 2023 6:06:22 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@400d912a
Jun 22, 2023 6:06:22 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@511d5d04
Jun 22, 2023 6:06:22 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4bdc8b5d
Jun 22, 2023 6:06:22 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
Jun 22, 2023 6:06:22 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.379 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (32 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.2.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 1.474 s]
[INFO] Struts 2 ........................................... SUCCESS [ 49.728 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:02 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 3.563 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 4.027 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 7.542 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 5.553 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 6.908 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.492 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 11.672 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.382 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 10.299 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.500 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 9.172 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 5.384 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 7.893 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 8.509 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 9.730 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 4.017 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.355 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 9.063 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 6.111 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 6.958 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:07 min
[INFO] Finished at: 2023-06-22T06:06:25Z
[INFO] ------------------------------------------------------------------------
[WARNING]
[WARNING] Plugin validation issues were detected in 14 plugin(s)
[WARNING]
[WARNING] * org.apache.maven.plugins:maven-jar-plugin:3.2.0
[WARNING] * org.apache.maven.plugins:maven-compiler-plugin:3.8.1
[WARNING] * org.apache.maven.plugins:maven-enforcer-plugin:3.1.0
[WARNING] * org.apache.felix:maven-bundle-plugin:5.1.6
[WARNING] * com.cj.jshintmojo:jshint-maven-plugin:1.6.0
[WARNING] * org.apache.maven.plugins:maven-source-plugin:3.2.1
[WARNING] * org.apache.maven.plugins:maven-resources-plugin:3.1.0
[WARNING] * org.apache.maven.plugins:maven-site-plugin:3.9.0
[WARNING] * org.apache.maven.plugins:maven-site-plugin:3.7.1
[WARNING] * org.apache.maven.plugins:maven-remote-resources-plugin:1.6.0
[WARNING] * org.apache.maven.plugins:maven-enforcer-plugin:1.4.1
[WARNING] * org.owasp:dependency-check-maven:7.2.0
[WARNING] * org.apache.rat:apache-rat-plugin:0.15
[WARNING] * org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M7
[WARNING]
[WARNING] For more or less details, use 'maven.plugin.validation' property with one of the values (case insensitive): [BRIEF, DEFAULT, VERBOSE]
[WARNING]
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #185
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/185/display/redirect?page=changes>
Changes:
[git] WW-5301 Fix custom VelocityManager bean selection
[43964333+JCgH4164838Gh792C124B5] Update:
[Lukasz Lenart] WW-5310 Properly parses param value with equal sign
[43964333+JCgH4164838Gh792C124B5] Update:
------------------------------------------
[...truncated 1.19 MB...]
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 4 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java> uses or overrides a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: Recompile with -Xlint:deprecation for details.
[INFO]
[INFO] --- bundle:5.1.6:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 17 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/test-classes>
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Jun 01, 2023 6:06:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3a93b025
Jun 01, 2023 6:06:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@37f1104d
Jun 01, 2023 6:06:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@24fcf36f
Jun 01, 2023 6:06:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@20140db9
Jun 01, 2023 6:06:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@433defed
Jun 01, 2023 6:06:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@448c8166
Jun 01, 2023 6:06:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5f20155b
Jun 01, 2023 6:06:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@45a4b042
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@485a3466
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5be067de
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1255b1d1
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@47428937
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@aa22f1c
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6831d8fd
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@30457e14
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@150d80c4
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31611954
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@400d912a
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@511d5d04
Jun 01, 2023 6:06:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4bdc8b5d
Jun 01, 2023 6:06:31 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
Jun 01, 2023 6:06:31 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.419 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (46 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.2.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.553 s]
[INFO] Struts 2 ........................................... SUCCESS [ 54.156 s]
[INFO] Struts 2 Core ...................................... SUCCESS [02:01 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 3.612 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 3.858 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 7.689 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 6.226 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 6.676 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.795 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 12.293 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.444 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 10.305 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.510 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 9.350 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 5.559 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 7.833 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 8.426 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 9.932 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 3.811 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.061 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 8.635 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 6.950 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 6.632 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:14 min
[INFO] Finished at: 2023-06-01T06:06:34Z
[INFO] ------------------------------------------------------------------------
[WARNING]
[WARNING] Plugin validation issues were detected in 14 plugin(s)
[WARNING]
[WARNING] * org.apache.maven.plugins:maven-jar-plugin:3.2.0
[WARNING] * org.apache.maven.plugins:maven-compiler-plugin:3.8.1
[WARNING] * org.apache.maven.plugins:maven-enforcer-plugin:3.1.0
[WARNING] * org.apache.felix:maven-bundle-plugin:5.1.6
[WARNING] * com.cj.jshintmojo:jshint-maven-plugin:1.6.0
[WARNING] * org.apache.maven.plugins:maven-source-plugin:3.2.1
[WARNING] * org.apache.maven.plugins:maven-resources-plugin:3.1.0
[WARNING] * org.apache.maven.plugins:maven-site-plugin:3.9.0
[WARNING] * org.apache.maven.plugins:maven-site-plugin:3.7.1
[WARNING] * org.apache.maven.plugins:maven-remote-resources-plugin:1.6.0
[WARNING] * org.apache.maven.plugins:maven-enforcer-plugin:1.4.1
[WARNING] * org.owasp:dependency-check-maven:7.2.0
[WARNING] * org.apache.rat:apache-rat-plugin:0.15
[WARNING] * org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M7
[WARNING]
[WARNING] For more or less details, use 'maven.plugin.validation' property with one of the values (case insensitive): [BRIEF, DEFAULT, VERBOSE]
[WARNING]
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #184
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/184/display/redirect?page=changes>
Changes:
[Lukasz Lenart] WW-5280 Cleans up NoParameters interfaces
[Lukasz Lenart] WW-5302 Evaluates attributes before using them to generate the id attribute
[Lukasz Lenart] WW-5304 Drops deprecated methods and fields in ActionContext
[rene.fischer] Improve doc on s:datetextfield
[rene.fischer] renamed datetext.ftl to datetextfield.ftl to align with the intended behaviour see https://issues.apache.org/jira/browse/WW-4434
[Greg Huber] WW-5308 Java templates plugin, add minlength and maxlength to textarea.
[github] Bump testng from 7.5 to 7.5.1
[github] Bump spring-core from 5.3.26 to 5.3.27
[Lukasz Lenart] WW-5302 Adds additional test case to cover evaluating action & method attribute at the same time
[Lukasz Lenart] WW-5296 Uses proper DTDs
[Lukasz Lenart] WW-5309 Supports patterns starting with variable
------------------------------------------
[...truncated 1.17 MB...]
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] --- remote-resources:1.6.0:process (process-resource-bundles) @ struts2-oval-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- resources:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- bundle:5.1.6:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- resources:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- compiler:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- surefire:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
May 22, 2023 6:12:12 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3a93b025
May 22, 2023 6:12:13 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@37f1104d
May 22, 2023 6:12:13 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@24fcf36f
May 22, 2023 6:12:13 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@20140db9
May 22, 2023 6:12:13 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@433defed
May 22, 2023 6:12:13 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@448c8166
May 22, 2023 6:12:13 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5f20155b
May 22, 2023 6:12:13 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@45a4b042
May 22, 2023 6:12:14 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@485a3466
May 22, 2023 6:12:14 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5be067de
May 22, 2023 6:12:14 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1255b1d1
May 22, 2023 6:12:14 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@47428937
May 22, 2023 6:12:14 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@aa22f1c
May 22, 2023 6:12:14 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6831d8fd
May 22, 2023 6:12:14 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@30457e14
May 22, 2023 6:12:14 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@150d80c4
May 22, 2023 6:12:14 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31611954
May 22, 2023 6:12:15 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@400d912a
May 22, 2023 6:12:15 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@511d5d04
May 22, 2023 6:12:15 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4bdc8b5d
May 22, 2023 6:12:15 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
May 22, 2023 6:12:15 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 3.633 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- jar:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> source:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- enforcer:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< source:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- source:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- site:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (69 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.2.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.722 s]
[INFO] Struts 2 ........................................... SUCCESS [04:48 min]
[INFO] Struts 2 Core ...................................... SUCCESS [03:02 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 4.794 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 5.691 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 11.575 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 8.358 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 8.461 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 4.934 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 18.885 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.822 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 14.449 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 5.086 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 13.329 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 7.180 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 12.029 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 12.200 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 11.792 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 5.944 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 7.645 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 13.444 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 9.190 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 9.706 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 11:05 min
[INFO] Finished at: 2023-05-22T06:12:20Z
[INFO] ------------------------------------------------------------------------
[WARNING]
[WARNING] Plugin validation issues were detected in 14 plugin(s)
[WARNING]
[WARNING] * org.apache.maven.plugins:maven-jar-plugin:3.2.0
[WARNING] * org.apache.maven.plugins:maven-compiler-plugin:3.8.1
[WARNING] * org.apache.maven.plugins:maven-enforcer-plugin:3.1.0
[WARNING] * org.apache.felix:maven-bundle-plugin:5.1.6
[WARNING] * com.cj.jshintmojo:jshint-maven-plugin:1.6.0
[WARNING] * org.apache.maven.plugins:maven-source-plugin:3.2.1
[WARNING] * org.apache.maven.plugins:maven-resources-plugin:3.1.0
[WARNING] * org.apache.maven.plugins:maven-site-plugin:3.9.0
[WARNING] * org.apache.maven.plugins:maven-site-plugin:3.7.1
[WARNING] * org.apache.maven.plugins:maven-remote-resources-plugin:1.6.0
[WARNING] * org.apache.maven.plugins:maven-enforcer-plugin:1.4.1
[WARNING] * org.owasp:dependency-check-maven:7.2.0
[WARNING] * org.apache.rat:apache-rat-plugin:0.15
[WARNING] * org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M7
[WARNING]
[WARNING] For more or less details, use 'maven.plugin.validation' property with one of the values (case insensitive): [BRIEF, DEFAULT, VERBOSE]
[WARNING]
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #183
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/183/display/redirect>
Changes:
------------------------------------------
[...truncated 1.16 MB...]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0:
commons-beanutils-1.9.4.jar (pkg:maven/commons-beanutils/commons-beanutils@1.9.4, cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.9.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester-2.1.jar (pkg:maven/commons-digester/commons-digester@2.1, cpe:2.3:a:apache:commons_net:2.1:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester3-3.2.jar (pkg:maven/org.apache.commons/commons-digester3@3.2, cpe:2.3:a:apache:commons_net:3.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO]
[INFO] ---------------< org.apache.struts:struts2-oval-plugin >----------------
[INFO] Building DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 6.2.0-SNAPSHOT [23/38]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-remote-resources-plugin:1.6.0:process (process-resource-bundles) @ struts2-oval-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-bundle-plugin:5.1.6:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
May 01, 2023 6:08:17 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3a93b025
May 01, 2023 6:08:18 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@37f1104d
May 01, 2023 6:08:18 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@24fcf36f
May 01, 2023 6:08:18 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@20140db9
May 01, 2023 6:08:18 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@433defed
May 01, 2023 6:08:18 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@448c8166
May 01, 2023 6:08:18 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5f20155b
May 01, 2023 6:08:18 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@45a4b042
May 01, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@485a3466
May 01, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5be067de
May 01, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1255b1d1
May 01, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@47428937
May 01, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@aa22f1c
May 01, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6831d8fd
May 01, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@30457e14
May 01, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@150d80c4
May 01, 2023 6:08:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31611954
May 01, 2023 6:08:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@400d912a
May 01, 2023 6:08:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@511d5d04
May 01, 2023 6:08:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4bdc8b5d
May 01, 2023 6:08:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
May 01, 2023 6:08:20 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 3.562 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat-plugin:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- maven-jar-plugin:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO]
[INFO] >>> maven-source-plugin:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< maven-source-plugin:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- maven-source-plugin:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-site-plugin:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check-maven:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (37 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.2.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.069 s]
[INFO] Struts 2 ........................................... SUCCESS [01:10 min]
[INFO] Struts 2 Core ...................................... SUCCESS [03:00 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 4.737 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 5.535 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 10.602 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 8.394 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 8.316 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 4.788 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 16.351 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.836 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 12.747 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 4.686 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 12.618 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 7.211 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 11.223 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 11.279 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 11.624 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 5.570 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 7.326 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 12.872 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 7.729 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 9.138 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 07:13 min
[INFO] Finished at: 2023-05-01T06:08:24Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #182
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/182/display/redirect?page=changes>
Changes:
[git] WW-5300 Make Dispatcher methods overridable
[git] WW-5299 Clean up ActionChainResult
[git] WW-5298 Clean up StrutsVelocityContext
[Lukasz Lenart] WW-5295 Adds support for java.time.LocalTime to <s:date/> tag
------------------------------------------
[...truncated 1.16 MB...]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0:
commons-beanutils-1.9.4.jar (pkg:maven/commons-beanutils/commons-beanutils@1.9.4, cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.9.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester-2.1.jar (pkg:maven/commons-digester/commons-digester@2.1, cpe:2.3:a:apache:commons_net:2.1:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester3-3.2.jar (pkg:maven/org.apache.commons/commons-digester3@3.2, cpe:2.3:a:apache:commons_net:3.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO]
[INFO] ---------------< org.apache.struts:struts2-oval-plugin >----------------
[INFO] Building DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 6.2.0-SNAPSHOT [23/38]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-remote-resources-plugin:1.6.0:process (process-resource-bundles) @ struts2-oval-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-bundle-plugin:5.1.6:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Apr 22, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3a93b025
Apr 22, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@37f1104d
Apr 22, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@24fcf36f
Apr 22, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@20140db9
Apr 22, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@433defed
Apr 22, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@448c8166
Apr 22, 2023 6:11:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5f20155b
Apr 22, 2023 6:11:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@45a4b042
Apr 22, 2023 6:11:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@485a3466
Apr 22, 2023 6:11:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5be067de
Apr 22, 2023 6:11:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1255b1d1
Apr 22, 2023 6:11:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@47428937
Apr 22, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@aa22f1c
Apr 22, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6831d8fd
Apr 22, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@30457e14
Apr 22, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@150d80c4
Apr 22, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31611954
Apr 22, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@400d912a
Apr 22, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@511d5d04
Apr 22, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4bdc8b5d
Apr 22, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
Apr 22, 2023 6:11:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 3.715 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat-plugin:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- maven-jar-plugin:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO]
[INFO] >>> maven-source-plugin:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< maven-source-plugin:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- maven-source-plugin:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-site-plugin:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check-maven:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (45 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.2.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.166 s]
[INFO] Struts 2 ........................................... SUCCESS [04:25 min]
[INFO] Struts 2 Core ...................................... SUCCESS [03:01 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 4.800 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 5.501 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 10.742 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 7.488 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 8.021 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 4.868 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 17.231 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.593 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 13.042 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 5.144 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 12.874 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 7.284 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 11.635 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 13.044 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 13.339 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 5.473 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 7.475 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 14.194 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 8.563 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 9.269 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 10:36 min
[INFO] Finished at: 2023-04-22T06:11:49Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #181
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/181/display/redirect?page=changes>
Changes:
[Lukasz Lenart] WW-5289 Fixes creating executor to avoid locking JVM on shutdown
------------------------------------------
[...truncated 1.17 MB...]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0:
commons-beanutils-1.9.4.jar (pkg:maven/commons-beanutils/commons-beanutils@1.9.4, cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.9.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester-2.1.jar (pkg:maven/commons-digester/commons-digester@2.1, cpe:2.3:a:apache:commons_net:2.1:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester3-3.2.jar (pkg:maven/org.apache.commons/commons-digester3@3.2, cpe:2.3:a:apache:commons_net:3.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO]
[INFO] ---------------< org.apache.struts:struts2-oval-plugin >----------------
[INFO] Building DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 6.2.0-SNAPSHOT [23/38]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-remote-resources-plugin:1.6.0:process (process-resource-bundles) @ struts2-oval-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-bundle-plugin:5.1.6:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Apr 02, 2023 6:08:51 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3a93b025
Apr 02, 2023 6:08:51 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@37f1104d
Apr 02, 2023 6:08:51 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@24fcf36f
Apr 02, 2023 6:08:51 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@20140db9
Apr 02, 2023 6:08:51 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@433defed
Apr 02, 2023 6:08:52 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@448c8166
Apr 02, 2023 6:08:52 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5f20155b
Apr 02, 2023 6:08:52 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@45a4b042
Apr 02, 2023 6:08:53 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@485a3466
Apr 02, 2023 6:08:53 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5be067de
Apr 02, 2023 6:08:53 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1255b1d1
Apr 02, 2023 6:08:53 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@47428937
Apr 02, 2023 6:08:53 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@aa22f1c
Apr 02, 2023 6:08:53 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6831d8fd
Apr 02, 2023 6:08:53 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@30457e14
Apr 02, 2023 6:08:53 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@150d80c4
Apr 02, 2023 6:08:53 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31611954
Apr 02, 2023 6:08:54 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@400d912a
Apr 02, 2023 6:08:54 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@511d5d04
Apr 02, 2023 6:08:54 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4bdc8b5d
Apr 02, 2023 6:08:54 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
Apr 02, 2023 6:08:54 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1a5f7e7c
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 4.108 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat-plugin:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- maven-jar-plugin:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO]
[INFO] >>> maven-source-plugin:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< maven-source-plugin:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- maven-source-plugin:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-site-plugin:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check-maven:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (36 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (1 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.2.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.777 s]
[INFO] Struts 2 ........................................... SUCCESS [01:04 min]
[INFO] Struts 2 Core ...................................... SUCCESS [03:02 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 4.986 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 6.138 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 10.072 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 8.203 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 9.395 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 4.894 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 17.171 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.585 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 14.962 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 4.525 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 13.649 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 6.842 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 12.183 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 13.753 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 13.169 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 5.546 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 8.300 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 15.595 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 9.178 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 10.095 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 07:25 min
[INFO] Finished at: 2023-04-02T06:08:58Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #180
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/180/display/redirect?page=changes>
Changes:
[git] WW-5288 Make excluded package exemption logic more strict
[git] WW-5288 Export exempt classes as part of ConstantConfig
[git] WW-5288 Reinstate mistakenly deleted test classes and refactor
[git] WW-5293 Update deprecations
[git] WW-5293 Make Struts DTDs static
[git] WW-5293 Hide documents in XmlConfigurationProvider
[git] WW-5293 Split XmlConfigurationProvider into XmlDocConfigurationProvider Part 1
[git] WW-5293 Split XmlConfigurationProvider into XmlDocConfigurationProvider Part 2
[git] WW-5293 Split #buildActionConfig from #addAction
[git] WW-5293 Split #buildInterceptorConfig from #loadInterceptors
[git] WW-5293 Define protected field addedResultTypes and split #buildResultConfig from #buildResults
[git] WW-5293 Add protected #loadClass
[git] WW-5293 Fix trying to clear immutable list
[git] WW-5293 Split #buildResultTypeConfig from #addResultTypes and remove unused field and param
[git] WW-5293 Make more methods overridable
[git] WW-5293 Add JavaDoc for XmlDocConfigurationProvider class
[github] Bump spring-core from 5.3.23 to 5.3.26
------------------------------------------
[...truncated 6.11 KB...]
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- maven-bundle-plugin:5.1.6:manifest (bundle-manifest) @ struts2-parent ---
[WARNING] Ignoring project type pom - supportedProjectTypes = [jar, bundle]
[INFO]
[INFO] --- apache-rat-plugin:0.15:check (default) @ struts2-parent ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Parsing exclusions from <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/.gitignore>
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 89 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 3 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 3 licenses.
[INFO]
[INFO] >>> maven-source-plugin:3.2.1:jar (attach-sources) > generate-sources @ struts2-parent >>>
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-parent ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-parent ---
[INFO]
[INFO] <<< maven-source-plugin:3.2.1:jar (attach-sources) < generate-sources @ struts2-parent <<<
[INFO]
[INFO]
[INFO] --- maven-source-plugin:3.2.1:jar (attach-sources) @ struts2-parent ---
[INFO]
[INFO] --- maven-site-plugin:3.9.0:attach-descriptor (attach-descriptor) @ struts2-parent ---
[INFO] Attaching 'src/site/site.xml' site descriptor with classifier 'site'.
[INFO]
[INFO] --- dependency-check-maven:7.2.0:check (default) @ struts2-parent ---
[INFO] Checking for updates
[ERROR] Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; received response code 503; Service Unavailable
[ERROR] Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; received response code 503; Service Unavailable
[ERROR] Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; received response code 503; Service Unavailable
[ERROR] Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; received response code 503; Service Unavailable
[ERROR] Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta
org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta
at org.owasp.dependencycheck.data.update.NvdCveUpdater.doMetaDownload (NvdCveUpdater.java:407)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:352)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:460)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:133)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:882)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:687)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:611)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1821)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1007)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:370)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:351)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:171)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:163)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:298)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:196)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to retrieve 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta'; Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; unable to connect.
at org.owasp.dependencycheck.utils.Downloader.fetchContent (Downloader.java:187)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.doMetaDownload (NvdCveUpdater.java:378)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:352)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:460)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:133)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:882)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:687)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:611)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1821)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1007)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:370)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:351)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:171)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:163)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:298)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:196)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; unable to connect.
at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection (HttpResourceConnection.java:267)
at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch (HttpResourceConnection.java:163)
at org.owasp.dependencycheck.utils.Downloader.fetchContent (Downloader.java:182)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.doMetaDownload (NvdCveUpdater.java:378)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:352)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:460)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:133)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:882)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:687)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:611)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1821)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1007)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:370)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:351)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:171)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:163)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:298)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:196)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; received response code 503; Service Unavailable
at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection (HttpResourceConnection.java:249)
at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch (HttpResourceConnection.java:163)
at org.owasp.dependencycheck.utils.Downloader.fetchContent (Downloader.java:182)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.doMetaDownload (NvdCveUpdater.java:378)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile (NvdCveUpdater.java:352)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded (NvdCveUpdater.java:460)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update (NvdCveUpdater.java:133)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:882)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase (Engine.java:687)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:611)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:1821)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1007)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:370)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:351)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:171)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:163)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:298)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:196)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
[WARNING] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.2.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 3.902 s]
[INFO] Struts 2 ........................................... FAILURE [ 35.997 s]
[INFO] Struts 2 Core ...................................... SKIPPED
[INFO] Struts 2 Plugins ................................... SKIPPED
[INFO] Struts 2 Async Plugin .............................. SKIPPED
[INFO] Struts 2 Bean Validation Plugin .................... SKIPPED
[INFO] Struts 2 CDI Plugin ................................ SKIPPED
[INFO] Struts 2 Velocity Plugin ........................... SKIPPED
[INFO] Struts 2 Configuration Browser Plugin .............. SKIPPED
[INFO] Struts 2 Convention Plugin ......................... SKIPPED
[INFO] Struts 2 DWR Plugin ................................ SKIPPED
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SKIPPED
[INFO] Struts 2 Spring Plugin ............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SKIPPED
[INFO] Struts 2 JUnit Plugin .............................. SKIPPED
[INFO] Struts 2 Jasper Reports Plugin ..................... SKIPPED
[INFO] Struts 2 Java Templates Plugin ..................... SKIPPED
[INFO] Struts 2 JFreeChart Plugin ......................... SKIPPED
[INFO] Struts 2 JSON Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SKIPPED
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... SKIPPED
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 45.089 s
[INFO] Finished at: 2023-03-26T06:02:16Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-parent: Fatal exception(s) analyzing Struts 2: One or more exceptions occurred during analysis:
[ERROR] UpdateException: Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta
[ERROR] caused by DownloadFailedException: Download failed, unable to retrieve 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta'; Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; unable to connect.
[ERROR] caused by DownloadFailedException: Error downloading file https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; unable to connect.
[ERROR] caused by DownloadFailedException: Error retrieving https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.meta; received response code 503; Service Unavailable
[ERROR] NoDataException: No documents exist
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-parent
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #179
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/179/display/redirect?page=changes>
Changes:
[stefaan.dutry] WW-5196 use generics for RequestMap and ApplicationMap
[stefaan.dutry] WW-5196 rework SessionMap to also be defined with String keys and Object values
[stefaan.dutry] fix SessionMapTest
[stefaan.dutry] fix compile issue with SessionMap changes
[stefaan.dutry] fix more compile issues
[stefaan.dutry] fix another compilation issue after changes to sessionMap
[stefaan.dutry] remove unneeded toString call on String enumeration element
[stefaan.dutry] small changes after review
[git] WW-5266 Implement struts.multipart.maxFileSize
[git] WW-5266 Disable struts.multipart.maxFileSize by default
[stefaan.dutry] fix compilation failures after merging master
[stefaan.dutry] fix nonce test
[stefaan.dutry] add missing license headers
[stefaan.dutry] WW-5243 remove deprecated action prefix cross namespaces
[stefaan.dutry] WW-5251 remove deprecated interfaces related to ServletConfigInterceptor
[stefaan.dutry] WW-5253 Remove deprecated methods from DefaultUrlHelper
------------------------------------------
[...truncated 1.17 MB...]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0:
commons-beanutils-1.9.4.jar (pkg:maven/commons-beanutils/commons-beanutils@1.9.4, cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.9.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester-2.1.jar (pkg:maven/commons-digester/commons-digester@2.1, cpe:2.3:a:apache:commons_net:2.1:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester3-3.2.jar (pkg:maven/org.apache.commons/commons-digester3@3.2, cpe:2.3:a:apache:commons_net:3.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO]
[INFO] ---------------< org.apache.struts:struts2-oval-plugin >----------------
[INFO] Building DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 6.2.0-SNAPSHOT [23/38]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-remote-resources-plugin:1.6.0:process (process-resource-bundles) @ struts2-oval-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-bundle-plugin:5.1.6:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Mar 19, 2023 6:11:39 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@52bf72b5
Mar 19, 2023 6:11:40 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@76ed1b7c
Mar 19, 2023 6:11:40 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@d29f28
Mar 19, 2023 6:11:40 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@229c6181
Mar 19, 2023 6:11:40 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@609e8838
Mar 19, 2023 6:11:40 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1e16c0aa
Mar 19, 2023 6:11:40 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3336e6b6
Mar 19, 2023 6:11:40 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1f75a668
Mar 19, 2023 6:11:41 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@53f48368
Mar 19, 2023 6:11:41 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1991f767
Mar 19, 2023 6:11:41 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@62679465
Mar 19, 2023 6:11:41 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4a9cc6cb
Mar 19, 2023 6:11:41 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1c32886a
Mar 19, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@33a2499c
Mar 19, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@438bad7c
Mar 19, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@219f4597
Mar 19, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3e6fd0b9
Mar 19, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6d6cb754
Mar 19, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@17ae7628
Mar 19, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@749f539e
Mar 19, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3eed0f5
Mar 19, 2023 6:11:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3eed0f5
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 3.728 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat-plugin:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- maven-jar-plugin:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO]
[INFO] >>> maven-source-plugin:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< maven-source-plugin:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- maven-source-plugin:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-site-plugin:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check-maven:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (42 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (1 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.2.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.122 s]
[INFO] Struts 2 ........................................... SUCCESS [04:36 min]
[INFO] Struts 2 Core ...................................... SUCCESS [02:55 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 4.303 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 6.009 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 10.505 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 7.630 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 7.424 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 4.593 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 15.642 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.394 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 12.865 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 4.453 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 13.164 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 7.384 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 11.840 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 11.245 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 12.145 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 5.436 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 7.154 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 13.635 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 8.334 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 9.925 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 10:34 min
[INFO] Finished at: 2023-03-19T06:11:47Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #178
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/178/display/redirect?page=changes>
Changes:
[git] WW-5290 Refactor ConfigurationManager
[git] WW-5290 Fix logging and needsReload loop
[git] WW-5292 Modernise unit tests
[git] WW-5292 Clean up TwoFilterIntegrationTest further
[git] WW-5292 Add integration test for forwarding from excluded url
[git] WW-5292 Add ability to override Operations classes in two filter setup
[git] WW-5292 Clean up URL exclusion logic
[git] WW-5292 Fix lack of Optional::get
------------------------------------------
[...truncated 1.15 MB...]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0:
commons-beanutils-1.9.4.jar (pkg:maven/commons-beanutils/commons-beanutils@1.9.4, cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.9.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester-2.1.jar (pkg:maven/commons-digester/commons-digester@2.1, cpe:2.3:a:apache:commons_net:2.1:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester3-3.2.jar (pkg:maven/org.apache.commons/commons-digester3@3.2, cpe:2.3:a:apache:commons_net:3.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO]
[INFO] ---------------< org.apache.struts:struts2-oval-plugin >----------------
[INFO] Building DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 6.2.0-SNAPSHOT [23/38]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-remote-resources-plugin:1.6.0:process (process-resource-bundles) @ struts2-oval-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-bundle-plugin:5.1.6:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Mar 12, 2023 6:08:09 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@52bf72b5
Mar 12, 2023 6:08:10 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@76ed1b7c
Mar 12, 2023 6:08:10 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@d29f28
Mar 12, 2023 6:08:10 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@229c6181
Mar 12, 2023 6:08:10 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@609e8838
Mar 12, 2023 6:08:10 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1e16c0aa
Mar 12, 2023 6:08:10 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3336e6b6
Mar 12, 2023 6:08:10 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1f75a668
Mar 12, 2023 6:08:11 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@53f48368
Mar 12, 2023 6:08:11 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1991f767
Mar 12, 2023 6:08:11 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@62679465
Mar 12, 2023 6:08:11 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4a9cc6cb
Mar 12, 2023 6:08:11 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1c32886a
Mar 12, 2023 6:08:11 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@33a2499c
Mar 12, 2023 6:08:11 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@438bad7c
Mar 12, 2023 6:08:11 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@219f4597
Mar 12, 2023 6:08:11 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3e6fd0b9
Mar 12, 2023 6:08:12 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6d6cb754
Mar 12, 2023 6:08:12 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@17ae7628
Mar 12, 2023 6:08:12 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@749f539e
Mar 12, 2023 6:08:12 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3eed0f5
Mar 12, 2023 6:08:12 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3eed0f5
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 3.531 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat-plugin:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- maven-jar-plugin:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO]
[INFO] >>> maven-source-plugin:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< maven-source-plugin:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- maven-source-plugin:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-site-plugin:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check-maven:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (45 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.2.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.215 s]
[INFO] Struts 2 ........................................... SUCCESS [01:09 min]
[INFO] Struts 2 Core ...................................... SUCCESS [02:56 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 4.420 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 5.399 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 10.059 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 7.566 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 8.071 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 4.672 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 16.191 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.693 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 11.923 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 4.370 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 12.294 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 7.374 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 10.701 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 11.345 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 13.011 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 5.333 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 7.190 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 12.053 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 8.146 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 9.277 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 07:04 min
[INFO] Finished at: 2023-03-12T06:08:16Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #177
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/177/display/redirect?page=changes>
Changes:
[git] WW-5268 Implement ability to specify exempt classes for package exclusions
[Lukasz Lenart] WW-5285 Limits max number of files to upload at once
[Lukasz Lenart] WW-5285 Uses Long and null to check if option has been defined
------------------------------------------
[...truncated 1.16 MB...]
commons-beanutils-1.9.4.jar (pkg:maven/commons-beanutils/commons-beanutils@1.9.4, cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.9.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester-2.1.jar (pkg:maven/commons-digester/commons-digester@2.1, cpe:2.3:a:apache:commons_net:2.1:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester3-3.2.jar (pkg:maven/org.apache.commons/commons-digester3@3.2, cpe:2.3:a:apache:commons_net:3.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO]
[INFO] ---------------< org.apache.struts:struts2-oval-plugin >----------------
[INFO] Building DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 6.2.0-SNAPSHOT [23/38]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-remote-resources-plugin:1.6.0:process (process-resource-bundles) @ struts2-oval-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-bundle-plugin:5.1.6:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Mar 05, 2023 6:08:17 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6b81ce95
Mar 05, 2023 6:08:17 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@2118cddf
Mar 05, 2023 6:08:17 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@57af006c
Mar 05, 2023 6:08:17 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@18df8434
Mar 05, 2023 6:08:18 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4082ba93
Mar 05, 2023 6:08:18 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@700fb871
Mar 05, 2023 6:08:18 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@2bec854f
Mar 05, 2023 6:08:18 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5cdec700
Mar 05, 2023 6:08:18 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1e1d3956
Mar 05, 2023 6:08:18 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@f6c03cb
Mar 05, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6d1d4d7
Mar 05, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@50687efb
Mar 05, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@46cc127b
Mar 05, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3f2049b6
Mar 05, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5987e932
Mar 05, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@456abb66
Mar 05, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@d59970a
Mar 05, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@17d238b1
Mar 05, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4a699efa
Mar 05, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31e32ea2
Mar 05, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@67001148
Mar 05, 2023 6:08:19 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@67001148
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 3.635 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat-plugin:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- maven-jar-plugin:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> maven-source-plugin:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< maven-source-plugin:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- maven-source-plugin:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- maven-site-plugin:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check-maven:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (42 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.5.jar (pkg:maven/commons-fileupload/commons-fileupload@1.5, cpe:2.3:a:apache:commons_fileupload:1.5:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.5:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.2.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.543 s]
[INFO] Struts 2 ........................................... SUCCESS [01:11 min]
[INFO] Struts 2 Core ...................................... SUCCESS [02:56 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 4.654 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 5.248 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 10.690 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 7.341 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 8.295 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 4.709 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 15.949 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.345 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 12.399 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 4.370 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 13.603 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 6.799 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 11.022 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 11.426 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 12.839 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 5.596 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 7.159 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 13.191 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 8.251 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 9.126 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 07:09 min
[INFO] Finished at: 2023-03-05T06:08:24Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #176
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/176/display/redirect?page=changes>
Changes:
[git] WW-5284 Refactor ActionValidatorManager implementations
[git] WW-5284 Delete unnecessary override
------------------------------------------
[...truncated 1.18 MB...]
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO]
[INFO] ---------------< org.apache.struts:struts2-oval-plugin >----------------
[INFO] Building DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 6.2.0-SNAPSHOT [23/38]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-remote-resources-plugin:1.6.0:process (process-resource-bundles) @ struts2-oval-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 4 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java> uses or overrides a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: Recompile with -Xlint:deprecation for details.
[INFO]
[INFO] --- maven-bundle-plugin:5.1.6:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 17 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/test-classes>
[INFO]
[INFO] --- maven-surefire-plugin:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Feb 26, 2023 6:08:27 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6b81ce95
Feb 26, 2023 6:08:27 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@2118cddf
Feb 26, 2023 6:08:28 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@57af006c
Feb 26, 2023 6:08:28 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@18df8434
Feb 26, 2023 6:08:28 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4082ba93
Feb 26, 2023 6:08:28 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@700fb871
Feb 26, 2023 6:08:28 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@2bec854f
Feb 26, 2023 6:08:28 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5cdec700
Feb 26, 2023 6:08:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@1e1d3956
Feb 26, 2023 6:08:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@f6c03cb
Feb 26, 2023 6:08:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6d1d4d7
Feb 26, 2023 6:08:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@50687efb
Feb 26, 2023 6:08:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@46cc127b
Feb 26, 2023 6:08:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@3f2049b6
Feb 26, 2023 6:08:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5987e932
Feb 26, 2023 6:08:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@456abb66
Feb 26, 2023 6:08:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@d59970a
Feb 26, 2023 6:08:29 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@17d238b1
Feb 26, 2023 6:08:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4a699efa
Feb 26, 2023 6:08:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31e32ea2
Feb 26, 2023 6:08:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@67001148
Feb 26, 2023 6:08:30 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@67001148
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 3.514 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat-plugin:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- maven-jar-plugin:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> maven-source-plugin:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< maven-source-plugin:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- maven-source-plugin:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- maven-site-plugin:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check-maven:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (35 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.4.jar (pkg:maven/commons-fileupload/commons-fileupload@1.4, cpe:2.3:a:apache:commons_fileupload:1.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.4:*:*:*:*:*:*:*) : CVE-2021-37533, CVE-2023-24998
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.2.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.152 s]
[INFO] Struts 2 ........................................... SUCCESS [01:13 min]
[INFO] Struts 2 Core ...................................... SUCCESS [02:59 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 4.569 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 5.649 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 9.841 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 7.419 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 7.846 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 4.945 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 16.298 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.508 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 14.646 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 4.635 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 12.985 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 6.948 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 11.278 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 11.474 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 11.233 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 5.844 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 7.424 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 13.022 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 7.859 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 9.359 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 07:14 min
[INFO] Finished at: 2023-02-26T06:08:34Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #175
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/175/display/redirect?page=changes>
Changes:
[Lukasz Lenart] WW-5275 Allows to provide a custom CspSettings per action
------------------------------------------
[...truncated 1.15 MB...]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0:
commons-beanutils-1.9.4.jar (pkg:maven/commons-beanutils/commons-beanutils@1.9.4, cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.9.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester-2.1.jar (pkg:maven/commons-digester/commons-digester@2.1, cpe:2.3:a:apache:commons_net:2.1:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester3-3.2.jar (pkg:maven/org.apache.commons/commons-digester3@3.2, cpe:2.3:a:apache:commons_net:3.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-fileupload-1.4.jar (pkg:maven/commons-fileupload/commons-fileupload@1.4, cpe:2.3:a:apache:commons_fileupload:1.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO]
[INFO] ---------------< org.apache.struts:struts2-oval-plugin >----------------
[INFO] Building DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 6.2.0-SNAPSHOT [23/38]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-remote-resources-plugin:1.6.0:process (process-resource-bundles) @ struts2-oval-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-bundle-plugin:5.1.6:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Feb 19, 2023 6:05:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6d763516
Feb 19, 2023 6:05:42 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@68567e20
Feb 19, 2023 6:05:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@932bc4a
Feb 19, 2023 6:05:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4d154ccd
Feb 19, 2023 6:05:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@2b30a42c
Feb 19, 2023 6:05:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@9816741
Feb 19, 2023 6:05:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@26adfd2d
Feb 19, 2023 6:05:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@78aa1f72
Feb 19, 2023 6:05:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4e28bdd1
Feb 19, 2023 6:05:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@18518ccf
Feb 19, 2023 6:05:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6865c751
Feb 19, 2023 6:05:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@142eef62
Feb 19, 2023 6:05:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5aceec94
Feb 19, 2023 6:05:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@ea27e34
Feb 19, 2023 6:05:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5bbbdd4b
Feb 19, 2023 6:05:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@7da10b5b
Feb 19, 2023 6:05:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@53b98ff6
Feb 19, 2023 6:05:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@35e478f
Feb 19, 2023 6:05:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4905c46b
Feb 19, 2023 6:05:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5b5c0057
Feb 19, 2023 6:05:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31cb96e1
Feb 19, 2023 6:05:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31cb96e1
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.343 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat-plugin:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- maven-jar-plugin:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO]
[INFO] >>> maven-source-plugin:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< maven-source-plugin:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- maven-source-plugin:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-site-plugin:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check-maven:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (47 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.4.jar (pkg:maven/commons-fileupload/commons-fileupload@1.4, cpe:2.3:a:apache:commons_fileupload:1.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.2.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 1.606 s]
[INFO] Struts 2 ........................................... SUCCESS [ 47.426 s]
[INFO] Struts 2 Core ...................................... SUCCESS [01:49 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 3.367 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 3.600 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 6.342 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 4.504 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 5.683 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.258 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 11.062 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.234 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 8.607 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.355 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 9.069 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 4.521 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 7.219 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 7.660 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 7.198 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 4.642 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 4.706 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 8.476 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 5.257 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 6.303 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 04:37 min
[INFO] Finished at: 2023-02-19T06:05:47Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #174
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/174/display/redirect>
Changes:
------------------------------------------
[...truncated 1.15 MB...]
commons-beanutils-1.9.4.jar (pkg:maven/commons-beanutils/commons-beanutils@1.9.4, cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.9.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-collections-3.2.2.jar (pkg:maven/commons-collections/commons-collections@3.2.2, cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:3.2.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester-2.1.jar (pkg:maven/commons-digester/commons-digester@2.1, cpe:2.3:a:apache:commons_net:2.1:*:*:*:*:*:*:*) : CVE-2021-37533
commons-digester3-3.2.jar (pkg:maven/org.apache.commons/commons-digester3@3.2, cpe:2.3:a:apache:commons_net:3.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-fileupload-1.4.jar (pkg:maven/commons-fileupload/commons-fileupload@1.4, cpe:2.3:a:apache:commons_fileupload:1.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO]
[INFO] ---------------< org.apache.struts:struts2-oval-plugin >----------------
[INFO] Building DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 6.2.0-SNAPSHOT [23/38]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-remote-resources-plugin:1.6.0:process (process-resource-bundles) @ struts2-oval-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-bundle-plugin:5.1.6:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Feb 12, 2023 6:05:46 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6d763516
Feb 12, 2023 6:05:46 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@68567e20
Feb 12, 2023 6:05:46 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@932bc4a
Feb 12, 2023 6:05:46 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4d154ccd
Feb 12, 2023 6:05:46 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@2b30a42c
Feb 12, 2023 6:05:46 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@9816741
Feb 12, 2023 6:05:46 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@26adfd2d
Feb 12, 2023 6:05:47 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@78aa1f72
Feb 12, 2023 6:05:47 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4e28bdd1
Feb 12, 2023 6:05:47 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@18518ccf
Feb 12, 2023 6:05:47 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6865c751
Feb 12, 2023 6:05:47 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@142eef62
Feb 12, 2023 6:05:47 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5aceec94
Feb 12, 2023 6:05:47 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@ea27e34
Feb 12, 2023 6:05:47 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5bbbdd4b
Feb 12, 2023 6:05:47 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@7da10b5b
Feb 12, 2023 6:05:47 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@53b98ff6
Feb 12, 2023 6:05:47 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@35e478f
Feb 12, 2023 6:05:47 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4905c46b
Feb 12, 2023 6:05:48 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5b5c0057
Feb 12, 2023 6:05:48 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31cb96e1
Feb 12, 2023 6:05:48 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31cb96e1
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.375 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat-plugin:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- maven-jar-plugin:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> maven-source-plugin:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< maven-source-plugin:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- maven-source-plugin:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-site-plugin:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check-maven:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (37 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.4.jar (pkg:maven/commons-fileupload/commons-fileupload@1.4, cpe:2.3:a:apache:commons_fileupload:1.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.2.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 1.577 s]
[INFO] Struts 2 ........................................... SUCCESS [ 43.462 s]
[INFO] Struts 2 Core ...................................... SUCCESS [01:51 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 3.399 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 3.430 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 6.742 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 5.401 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 5.879 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 3.331 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 11.542 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 3.326 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 8.900 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 3.535 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 9.169 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 4.774 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 7.360 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 8.032 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 8.327 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 3.598 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 4.642 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 8.251 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 5.439 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 6.333 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 04:39 min
[INFO] Finished at: 2023-02-12T06:05:51Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
Build failed in Jenkins: Struts » Struts-master-JDK8-dependency-check #173
Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/173/display/redirect?page=changes>
Changes:
[git] WW-5270 Test for forwarding from Struts excluded URL to Struts Action
[git] WW-5270 Struts exclusion flag fix when forwarding
[git] WW-5270 Rework and fix Struts filter cleanup
[git] WW-5278 Collect common code into AbstractActionValidatorManager
[git] WW-5278 Fix incorrect logging statement
[git] WW-5279 Improve readability of XmlConfigurationProvider class
------------------------------------------
[...truncated 1.17 MB...]
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-logging-1.2.jar (pkg:maven/commons-logging/commons-logging@1.2, cpe:2.3:a:apache:commons_net:1.2:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
velocity-engine-core-2.3.jar/META-INF/maven/commons-io/commons-io/pom.xml (pkg:maven/commons-io/commons-io@2.8.0, cpe:2.3:a:apache:commons_io:2.8.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.8.0:*:*:*:*:*:*:*) : CVE-2021-37533
See the dependency-check report for more details.
[INFO]
[INFO] ---------------< org.apache.struts:struts2-oval-plugin >----------------
[INFO] Building DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 6.2.0-SNAPSHOT [23/38]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-remote-resources-plugin:1.6.0:process (process-resource-bundles) @ struts2-oval-plugin ---
[INFO] Preparing remote bundle org.apache:apache-jar-resource-bundle:1.4
[INFO] Copying 3 resources from 1 bundle.
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 5 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:compile (default-compile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 4 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes>
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java> uses or overrides a deprecated API.
[INFO] <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/src/main/java/org/apache/struts2/oval/interceptor/OValValidationInterceptor.java>: Recompile with -Xlint:deprecation for details.
[INFO]
[INFO] --- maven-bundle-plugin:5.1.6:manifest (bundle-manifest) @ struts2-oval-plugin ---
[INFO] No MANIFEST.MF file found, generating manifest.
[INFO] Writing manifest: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/classes/META-INF/MANIFEST.MF>
[INFO]
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ struts2-oval-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 4 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.8.1:testCompile (default-testCompile) @ struts2-oval-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 17 source files to <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/test-classes>
[INFO]
[INFO] --- maven-surefire-plugin:3.0.0-M7:test (default-test) @ struts2-oval-plugin ---
[INFO] Using configured provider org.apache.maven.surefire.junitcore.JUnitCoreProvider
[INFO]
[INFO] -------------------------------------------------------
[INFO] T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
Feb 05, 2023 6:08:43 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6d763516
Feb 05, 2023 6:08:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@68567e20
Feb 05, 2023 6:08:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@932bc4a
Feb 05, 2023 6:08:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4d154ccd
Feb 05, 2023 6:08:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@2b30a42c
Feb 05, 2023 6:08:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@9816741
Feb 05, 2023 6:08:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@26adfd2d
Feb 05, 2023 6:08:44 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@78aa1f72
Feb 05, 2023 6:08:45 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4e28bdd1
Feb 05, 2023 6:08:45 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@18518ccf
Feb 05, 2023 6:08:45 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@6865c751
Feb 05, 2023 6:08:45 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@142eef62
Feb 05, 2023 6:08:45 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5aceec94
Feb 05, 2023 6:08:45 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@ea27e34
Feb 05, 2023 6:08:45 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5bbbdd4b
Feb 05, 2023 6:08:45 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@7da10b5b
Feb 05, 2023 6:08:46 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@53b98ff6
Feb 05, 2023 6:08:46 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@35e478f
Feb 05, 2023 6:08:46 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@4905c46b
Feb 05, 2023 6:08:46 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@5b5c0057
Feb 05, 2023 6:08:46 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31cb96e1
Feb 05, 2023 6:08:46 AM net.sf.oval.internal.Log info
INFO: Expression language 'ognl' registered: org.apache.struts2.oval.interceptor.ExpressionLanguageOGNL@31cb96e1
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 3.535 s - in org.apache.struts2.oval.interceptor.OValValidationInterceptorTest
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 22, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat-plugin:0.15:check (default) @ struts2-oval-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 62 implicit excludes.
[INFO] 17 explicit excludes.
[INFO] 29 resources included
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 28 licenses.
[INFO]
[INFO] --- maven-jar-plugin:3.2.0:jar (default-jar) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT.jar>
[INFO]
[INFO] >>> maven-source-plugin:3.2.1:jar (attach-sources) > generate-sources @ struts2-oval-plugin >>>
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce) @ struts2-oval-plugin ---
[INFO]
[INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-maven-version) @ struts2-oval-plugin ---
[INFO]
[INFO] <<< maven-source-plugin:3.2.1:jar (attach-sources) < generate-sources @ struts2-oval-plugin <<<
[INFO]
[INFO]
[INFO] --- maven-source-plugin:3.2.1:jar (attach-sources) @ struts2-oval-plugin ---
[INFO] Building jar: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/struts2-oval-plugin-6.2.0-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- maven-site-plugin:3.9.0:attach-descriptor (attach-descriptor) @ struts2-oval-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check-maven:7.2.0:check (default) @ struts2-oval-plugin ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (36 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
? Sponsor: https://github.com/sponsors/jeremylong
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (3 seconds)
[INFO] Writing report to: <https://ci-builds.apache.org/job/Struts/job/Struts-master-JDK8-dependency-check/ws/plugins/oval/target/dependency-check-report.html>
[WARNING]
One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 OVal Plugin, since 6.0.0:
commons-fileupload-1.4.jar (pkg:maven/commons-fileupload/commons-fileupload@1.4, cpe:2.3:a:apache:commons_fileupload:1.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:1.4:*:*:*:*:*:*:*) : CVE-2021-37533
commons-io-2.9.0.jar (pkg:maven/commons-io/commons-io@2.9.0, cpe:2.3:a:apache:commons_io:2.9.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_net:2.9.0:*:*:*:*:*:*:*) : CVE-2021-37533
commons-text-1.10.0.jar (pkg:maven/org.apache.commons/commons-text@1.10.0, cpe:2.3:a:apache:commons_net:1.10.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:*) : CVE-2021-37533
oval-3.2.1.jar (pkg:maven/net.sf.oval/oval@3.2.1, cpe:2.3:a:apache:commons_net:3.2.1:*:*:*:*:*:*:*) : CVE-2021-37533
xstream-1.4.19.jar (pkg:maven/com.thoughtworks.xstream/xstream@1.4.19, cpe:2.3:a:xstream_project:xstream:1.4.19:*:*:*:*:*:*:*) : CVE-2022-41966
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 6.2.0-SNAPSHOT:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.536 s]
[INFO] Struts 2 ........................................... SUCCESS [01:27 min]
[INFO] Struts 2 Core ...................................... SUCCESS [03:01 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [ 4.120 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [ 5.418 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 10.187 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [ 7.472 s]
[INFO] Struts 2 Velocity Plugin ........................... SUCCESS [ 7.747 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 4.995 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 16.558 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 4.597 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin, since 6.0.0 SUCCESS [ 14.312 s]
[INFO] DEPRECATED: Struts 2 GXP Plugin - since 6.0.0 ...... SUCCESS [ 4.600 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 12.858 s]
[INFO] DEPRECATED: Struts 2 Portlet Mocks Plugin - since 6.0.0 SUCCESS [ 6.511 s]
[INFO] DEPRECATED: Struts 2 Portlet Plugin - since 6.0.0 .. SUCCESS [ 11.271 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 11.635 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [ 11.166 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [ 5.586 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [ 7.611 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 12.922 s]
[INFO] DEPRECATED: Struts 2 OSGi Plugin - since 6.0.0 ..... SUCCESS [ 8.069 s]
[INFO] DEPRECATED: Struts 2 OVal Plugin, since 6.0.0 ...... FAILURE [ 9.174 s]
[INFO] DEPRECATED: Struts 2 Pell Multipart Plugin - since 6.2.0 SKIPPED
[INFO] DEPRECATED: Struts 2 Plexus Plugin - since 6.0.0 ... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] DEPRECATED: Struts 2 Portlet Tiles Plugin - since 6.0.0 SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitemesh Plugin - since 6.0.0 . SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Bundles - since 6.0.0 .... SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Admin Bundle - since 6.0.0 SKIPPED
[INFO] DEPRECATED: Struts 2 OSGi Demo Bundle - since 6.0.0 SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 07:30 min
[INFO] Finished at: 2023-02-05T06:08:50Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.2.0:check (default) on project struts2-oval-plugin:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] xstream-1.4.19.jar: CVE-2022-41966(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :struts2-oval-plugin
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org