You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tika.apache.org by lewis john mcgibbney <le...@apache.org> on 2020/04/06 06:14:54 UTC
Tika master branch not building
Hi dev@,
Working on TIKA-3082, I just tried to build master branch
Downgrading my Java version to 1.8
java -version
java version "1.8.0_221"
Java(TM) SE Runtime Environment (build 1.8.0_221-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.221-b11, mixed mode)
[INFO] --- ossindex-maven-plugin:3.1.0:audit (audit-dependencies) @
tika-parsers ---
[INFO] Checking for vulnerabilities; 154 artifacts
[INFO] Exclude coordinates: []
[INFO] Exclude vulnerability identifiers: []
[INFO] CVSS-score threshold: 0.0
[INFO]
------------------------------------------------------------------------
[INFO] Reactor Summary for Apache Tika 2.0.0-SNAPSHOT:
[INFO]
[INFO] Apache Tika parent ................................. SUCCESS [
2.663 s]
[INFO] Apache Tika core ................................... SUCCESS [
10.059 s]
[INFO] Apache Tika parsers ................................ FAILURE [
4.035 s]
[INFO] Apache Tika OSGi bundle ............................ SKIPPED
[INFO] Apache Tika XMP .................................... SKIPPED
[INFO] Apache Tika serialization .......................... SKIPPED
[INFO] Apache Tika batch .................................. SKIPPED
[INFO] Apache Tika language detection ..................... SKIPPED
[INFO] Apache Tika application ............................ SKIPPED
[INFO] Apache Tika translate .............................. SKIPPED
[INFO] Apache Tika server ................................. SKIPPED
[INFO] Apache Tika fuzzing ................................ SKIPPED
[INFO] Apache Tika eval ................................... SKIPPED
[INFO] Apache Tika examples ............................... SKIPPED
[INFO] Apache Tika Java-7 Components ...................... SKIPPED
[INFO] Apache Tika Deep Learning (powered by DL4J) ........ SKIPPED
[INFO] Apache Tika Natural Language Processing ............ SKIPPED
[INFO] Apache Tika ........................................ SKIPPED
[INFO]
------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO]
------------------------------------------------------------------------
[INFO] Total time: 17.641 s
[INFO] Finished at: 2020-04-05T23:08:02-07:00
[INFO]
------------------------------------------------------------------------
[ERROR] Failed to execute goal
org.sonatype.ossindex.maven:ossindex-maven-plugin:3.1.0:audit
(audit-dependencies) on project tika-parsers: Detected 2 vulnerable
components:
[ERROR] org.apache.cxf:cxf-core:jar:3.3.5:compile;
https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-core@3.3.5
[ERROR] * [CVE-2020-1954] Apache CXF has the ability to integrate with
JMX by registering an Instrumentati... (5.3);
https://ossindex.sonatype.org/vuln/20bc51e8-29c6-4168-9326-ae0ed18e5d51
[ERROR] org.apache.cxf:cxf-rt-frontend-jaxrs:jar:3.3.5:compile;
https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.5
[ERROR] * [CVE-2020-1954] Apache CXF has the ability to integrate with
JMX by registering an Instrumentati... (5.3);
https://ossindex.sonatype.org/vuln/20bc51e8-29c6-4168-9326-ae0ed18e5d51
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions,
please read the following articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the
command
[ERROR] mvn <goals> -rf :tika-parsers
Is anyone else experiencing this issue? I can't imagine I'm the only one...!
Thanks
Lewis
--
http://home.apache.org/~lewismc/
http://people.apache.org/keys/committer/lewismc
Re: Tika master branch not building
Posted by Eric Pugh <ep...@opensourceconnections.com>.
Not sure I have an opinion, though I’ll note that many of the PR’s in this project are driven by various vulnerabilities! It’s a treadmill of updating dependencies considering how many there are!
For example, the current failure is fixed by bumping the CXF to <cxf.version>3.3.6</cxf.version>
Also, Lewis, I think we are on the latest version of the plugin? https://github.com/apache/tika/blob/master/tika-parent/pom.xml#L382 suggests we are on 3.1.0.
Eric
> On Apr 6, 2020, at 9:59 AM, Nick Burch <ap...@gagravarr.org> wrote:
>
> On Mon, 6 Apr 2020, Eric Pugh wrote:
>> Maybe this needs better documentation, however this is a “works as designed” feature!
>>
>> To avoid the build failing, run mvn package -Dossindex.fail=false
>
> Should we maybe have this set to false by default, and only enabled on release builds?
>
> (We shouldn't have any at release time, but they will obviously creep in between releases)
>
> Nick
_______________________
Eric Pugh | Founder & CEO | OpenSource Connections, LLC | 434.466.1467 | http://www.opensourceconnections.com <http://www.opensourceconnections.com/> | My Free/Busy <http://tinyurl.com/eric-cal>
Co-Author: Apache Solr Enterprise Search Server, 3rd Ed <https://www.packtpub.com/big-data-and-business-intelligence/apache-solr-enterprise-search-server-third-edition-raw>
This e-mail and all contents, including attachments, is considered to be Company Confidential unless explicitly stated otherwise, regardless of whether attachments are marked as such.
Re: Tika master branch not building
Posted by Tim Allison <ta...@apache.org>.
Whoa...Didn't realize I was that far behind on branch_1x. I _think_ it is
now where it should be. I'll add the fuzzing module after the 1.24.1
release.
I'm finishing up the eval run now on the regression corpus. Results
soonish...
On Wed, Apr 8, 2020 at 7:33 AM Tim Allison <ta...@apache.org> wrote:
> Didn't I "fix" this in master:
> https://github.com/apache/tika/commit/f0ae10b072d7d486fed227088d82a3fd4a8d4f1f
> ?
>
> The build should work now. I updated the release process documentation to
> turn back on "fail the build on vulnerability" right before release.
>
> I agree that we need to continue to update our dependencies, and I need to
> cherry-pick a bunch of commits to branch_1x, which I'll do today.
>
> But, the build should work on master... let me know if it doesn't.
>
> Cheers,
>
> Tim
>
> On Wed, Apr 8, 2020 at 7:24 AM Eric Pugh <ep...@opensourceconnections.com>
> wrote:
>
>> If you bump cxf one version, then the complaints stop ;-)
>>
>>
>> https://github.com/apache/tika/pull/316/commits/ee93e6d3d91bdfc40f838556c13698ea5c78e936
>>
>>
>>
>> > On Apr 8, 2020, at 5:35 AM, Sergey Beryozkin <sb...@gmail.com>
>> wrote:
>> >
>> > Hi Lewis
>> >
>> > Getting one of the latest releases should be fine; while I've been out
>> of
>> > touch with CXF recently, I can ask around for some version advice as the
>> > guys deal with the security vulnerabilities seriously there, if
>> addressing
>> > this issue proves problematic
>> > Cheers, Sergey
>> >
>> > On Tue, Apr 7, 2020 at 10:44 PM Lewis John McGibbney <
>> lewismc@apache.org>
>> > wrote:
>> >
>> >> I suspected this was the case folks :)
>> >> I actually really like this idea.
>> >> I'll take the action item to address this seeing as I pulled it up...
>> >> seeing as I am also working on tika-server right now I'll also take the
>> >> action item to address the vulnerable CXF deps.
>> >> Thanks,
>> >> Lewis
>> >>
>> >> On 2020/04/06 16:19:16, Tim Allison <ta...@apache.org> wrote:
>> >>>> We shouldn't have any at release time, but they will obviously creep
>> in
>> >>> between releases
>> >>>
>> >>> Except the time, where I did the release and was trying to build it
>> for
>> >>> updating the site, and this had already kicked in. :(
>> >>>
>> >>> Y, we can turn this to warn, as long as we run it with fail as part of
>> >> the
>> >>> release process.
>> >>>
>> >>> On Mon, Apr 6, 2020 at 9:59 AM Nick Burch <ap...@gagravarr.org>
>> wrote:
>> >>>
>> >>>> On Mon, 6 Apr 2020, Eric Pugh wrote:
>> >>>>> Maybe this needs better documentation, however this is a “works as
>> >>>>> designed” feature!
>> >>>>>
>> >>>>> To avoid the build failing, run mvn package -Dossindex.fail=false
>> >>>>
>> >>>> Should we maybe have this set to false by default, and only enabled
>> >>>> on release builds?
>> >>>>
>> >>>> (We shouldn't have any at release time, but they will obviously creep
>> >> in
>> >>>> between releases)
>> >>>>
>> >>>> Nick
>> >>>
>> >>
>>
>> _______________________
>> Eric Pugh | Founder & CEO | OpenSource Connections, LLC | 434.466.1467 |
>> http://www.opensourceconnections.com <
>> http://www.opensourceconnections.com/> | My Free/Busy <
>> http://tinyurl.com/eric-cal>
>> Co-Author: Apache Solr Enterprise Search Server, 3rd Ed <
>> https://www.packtpub.com/big-data-and-business-intelligence/apache-solr-enterprise-search-server-third-edition-raw>
>>
>> This e-mail and all contents, including attachments, is considered to be
>> Company Confidential unless explicitly stated otherwise, regardless of
>> whether attachments are marked as such.
>>
>>
Re: Tika master branch not building
Posted by Tim Allison <ta...@apache.org>.
Didn't I "fix" this in master:
https://github.com/apache/tika/commit/f0ae10b072d7d486fed227088d82a3fd4a8d4f1f
?
The build should work now. I updated the release process documentation to
turn back on "fail the build on vulnerability" right before release.
I agree that we need to continue to update our dependencies, and I need to
cherry-pick a bunch of commits to branch_1x, which I'll do today.
But, the build should work on master... let me know if it doesn't.
Cheers,
Tim
On Wed, Apr 8, 2020 at 7:24 AM Eric Pugh <ep...@opensourceconnections.com>
wrote:
> If you bump cxf one version, then the complaints stop ;-)
>
>
> https://github.com/apache/tika/pull/316/commits/ee93e6d3d91bdfc40f838556c13698ea5c78e936
>
>
>
> > On Apr 8, 2020, at 5:35 AM, Sergey Beryozkin <sb...@gmail.com>
> wrote:
> >
> > Hi Lewis
> >
> > Getting one of the latest releases should be fine; while I've been out of
> > touch with CXF recently, I can ask around for some version advice as the
> > guys deal with the security vulnerabilities seriously there, if
> addressing
> > this issue proves problematic
> > Cheers, Sergey
> >
> > On Tue, Apr 7, 2020 at 10:44 PM Lewis John McGibbney <lewismc@apache.org
> >
> > wrote:
> >
> >> I suspected this was the case folks :)
> >> I actually really like this idea.
> >> I'll take the action item to address this seeing as I pulled it up...
> >> seeing as I am also working on tika-server right now I'll also take the
> >> action item to address the vulnerable CXF deps.
> >> Thanks,
> >> Lewis
> >>
> >> On 2020/04/06 16:19:16, Tim Allison <ta...@apache.org> wrote:
> >>>> We shouldn't have any at release time, but they will obviously creep
> in
> >>> between releases
> >>>
> >>> Except the time, where I did the release and was trying to build it for
> >>> updating the site, and this had already kicked in. :(
> >>>
> >>> Y, we can turn this to warn, as long as we run it with fail as part of
> >> the
> >>> release process.
> >>>
> >>> On Mon, Apr 6, 2020 at 9:59 AM Nick Burch <ap...@gagravarr.org>
> wrote:
> >>>
> >>>> On Mon, 6 Apr 2020, Eric Pugh wrote:
> >>>>> Maybe this needs better documentation, however this is a “works as
> >>>>> designed” feature!
> >>>>>
> >>>>> To avoid the build failing, run mvn package -Dossindex.fail=false
> >>>>
> >>>> Should we maybe have this set to false by default, and only enabled
> >>>> on release builds?
> >>>>
> >>>> (We shouldn't have any at release time, but they will obviously creep
> >> in
> >>>> between releases)
> >>>>
> >>>> Nick
> >>>
> >>
>
> _______________________
> Eric Pugh | Founder & CEO | OpenSource Connections, LLC | 434.466.1467 |
> http://www.opensourceconnections.com <
> http://www.opensourceconnections.com/> | My Free/Busy <
> http://tinyurl.com/eric-cal>
> Co-Author: Apache Solr Enterprise Search Server, 3rd Ed <
> https://www.packtpub.com/big-data-and-business-intelligence/apache-solr-enterprise-search-server-third-edition-raw>
>
> This e-mail and all contents, including attachments, is considered to be
> Company Confidential unless explicitly stated otherwise, regardless of
> whether attachments are marked as such.
>
>
Re: Tika master branch not building
Posted by Eric Pugh <ep...@opensourceconnections.com>.
If you bump cxf one version, then the complaints stop ;-)
https://github.com/apache/tika/pull/316/commits/ee93e6d3d91bdfc40f838556c13698ea5c78e936
> On Apr 8, 2020, at 5:35 AM, Sergey Beryozkin <sb...@gmail.com> wrote:
>
> Hi Lewis
>
> Getting one of the latest releases should be fine; while I've been out of
> touch with CXF recently, I can ask around for some version advice as the
> guys deal with the security vulnerabilities seriously there, if addressing
> this issue proves problematic
> Cheers, Sergey
>
> On Tue, Apr 7, 2020 at 10:44 PM Lewis John McGibbney <le...@apache.org>
> wrote:
>
>> I suspected this was the case folks :)
>> I actually really like this idea.
>> I'll take the action item to address this seeing as I pulled it up...
>> seeing as I am also working on tika-server right now I'll also take the
>> action item to address the vulnerable CXF deps.
>> Thanks,
>> Lewis
>>
>> On 2020/04/06 16:19:16, Tim Allison <ta...@apache.org> wrote:
>>>> We shouldn't have any at release time, but they will obviously creep in
>>> between releases
>>>
>>> Except the time, where I did the release and was trying to build it for
>>> updating the site, and this had already kicked in. :(
>>>
>>> Y, we can turn this to warn, as long as we run it with fail as part of
>> the
>>> release process.
>>>
>>> On Mon, Apr 6, 2020 at 9:59 AM Nick Burch <ap...@gagravarr.org> wrote:
>>>
>>>> On Mon, 6 Apr 2020, Eric Pugh wrote:
>>>>> Maybe this needs better documentation, however this is a “works as
>>>>> designed” feature!
>>>>>
>>>>> To avoid the build failing, run mvn package -Dossindex.fail=false
>>>>
>>>> Should we maybe have this set to false by default, and only enabled
>>>> on release builds?
>>>>
>>>> (We shouldn't have any at release time, but they will obviously creep
>> in
>>>> between releases)
>>>>
>>>> Nick
>>>
>>
_______________________
Eric Pugh | Founder & CEO | OpenSource Connections, LLC | 434.466.1467 | http://www.opensourceconnections.com <http://www.opensourceconnections.com/> | My Free/Busy <http://tinyurl.com/eric-cal>
Co-Author: Apache Solr Enterprise Search Server, 3rd Ed <https://www.packtpub.com/big-data-and-business-intelligence/apache-solr-enterprise-search-server-third-edition-raw>
This e-mail and all contents, including attachments, is considered to be Company Confidential unless explicitly stated otherwise, regardless of whether attachments are marked as such.
Re: Tika master branch not building
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi Lewis
Getting one of the latest releases should be fine; while I've been out of
touch with CXF recently, I can ask around for some version advice as the
guys deal with the security vulnerabilities seriously there, if addressing
this issue proves problematic
Cheers, Sergey
On Tue, Apr 7, 2020 at 10:44 PM Lewis John McGibbney <le...@apache.org>
wrote:
> I suspected this was the case folks :)
> I actually really like this idea.
> I'll take the action item to address this seeing as I pulled it up...
> seeing as I am also working on tika-server right now I'll also take the
> action item to address the vulnerable CXF deps.
> Thanks,
> Lewis
>
> On 2020/04/06 16:19:16, Tim Allison <ta...@apache.org> wrote:
> > >We shouldn't have any at release time, but they will obviously creep in
> > between releases
> >
> > Except the time, where I did the release and was trying to build it for
> > updating the site, and this had already kicked in. :(
> >
> > Y, we can turn this to warn, as long as we run it with fail as part of
> the
> > release process.
> >
> > On Mon, Apr 6, 2020 at 9:59 AM Nick Burch <ap...@gagravarr.org> wrote:
> >
> > > On Mon, 6 Apr 2020, Eric Pugh wrote:
> > > > Maybe this needs better documentation, however this is a “works as
> > > > designed” feature!
> > > >
> > > > To avoid the build failing, run mvn package -Dossindex.fail=false
> > >
> > > Should we maybe have this set to false by default, and only enabled
> > > on release builds?
> > >
> > > (We shouldn't have any at release time, but they will obviously creep
> in
> > > between releases)
> > >
> > > Nick
> >
>
Re: Tika master branch not building
Posted by Lewis John McGibbney <le...@apache.org>.
I suspected this was the case folks :)
I actually really like this idea.
I'll take the action item to address this seeing as I pulled it up... seeing as I am also working on tika-server right now I'll also take the action item to address the vulnerable CXF deps.
Thanks,
Lewis
On 2020/04/06 16:19:16, Tim Allison <ta...@apache.org> wrote:
> >We shouldn't have any at release time, but they will obviously creep in
> between releases
>
> Except the time, where I did the release and was trying to build it for
> updating the site, and this had already kicked in. :(
>
> Y, we can turn this to warn, as long as we run it with fail as part of the
> release process.
>
> On Mon, Apr 6, 2020 at 9:59 AM Nick Burch <ap...@gagravarr.org> wrote:
>
> > On Mon, 6 Apr 2020, Eric Pugh wrote:
> > > Maybe this needs better documentation, however this is a “works as
> > > designed” feature!
> > >
> > > To avoid the build failing, run mvn package -Dossindex.fail=false
> >
> > Should we maybe have this set to false by default, and only enabled
> > on release builds?
> >
> > (We shouldn't have any at release time, but they will obviously creep in
> > between releases)
> >
> > Nick
>
Re: Tika master branch not building
Posted by Tim Allison <ta...@apache.org>.
>We shouldn't have any at release time, but they will obviously creep in
between releases
Except the time, where I did the release and was trying to build it for
updating the site, and this had already kicked in. :(
Y, we can turn this to warn, as long as we run it with fail as part of the
release process.
On Mon, Apr 6, 2020 at 9:59 AM Nick Burch <ap...@gagravarr.org> wrote:
> On Mon, 6 Apr 2020, Eric Pugh wrote:
> > Maybe this needs better documentation, however this is a “works as
> > designed” feature!
> >
> > To avoid the build failing, run mvn package -Dossindex.fail=false
>
> Should we maybe have this set to false by default, and only enabled
> on release builds?
>
> (We shouldn't have any at release time, but they will obviously creep in
> between releases)
>
> Nick
Re: Tika master branch not building
Posted by Nick Burch <ap...@gagravarr.org>.
On Mon, 6 Apr 2020, Eric Pugh wrote:
> Maybe this needs better documentation, however this is a “works as
> designed” feature!
>
> To avoid the build failing, run mvn package -Dossindex.fail=false
Should we maybe have this set to false by default, and only enabled
on release builds?
(We shouldn't have any at release time, but they will obviously creep in
between releases)
Nick
Re: Tika master branch not building
Posted by Eric Pugh <ep...@opensourceconnections.com>.
Maybe this needs better documentation, however this is a “works as designed” feature!
To avoid the build failing, run mvn package -Dossindex.fail=false
This caught me as well the first time, I wonder if there was a nice way of giving a helpful error message?
> On Apr 6, 2020, at 2:19 AM, lewis john mcgibbney <le...@apache.org> wrote:
>
> I'm also seeing a depreciation notice for the ossindex-maven-plugin as well
>
> https://github.com/OSSIndex/ossindex-maven-plugin#deprecated-please-upgrade-to-ossindex-maven
>
> Any info please folks?
> Thanks
>
> On Sun, Apr 5, 2020 at 11:14 PM lewis john mcgibbney <le...@apache.org>
> wrote:
>
>> Hi dev@,
>> Working on TIKA-3082, I just tried to build master branch
>>
>> Downgrading my Java version to 1.8
>> java -version
>> java version "1.8.0_221"
>> Java(TM) SE Runtime Environment (build 1.8.0_221-b11)
>> Java HotSpot(TM) 64-Bit Server VM (build 25.221-b11, mixed mode)
>>
>> [INFO] --- ossindex-maven-plugin:3.1.0:audit (audit-dependencies) @
>> tika-parsers ---
>> [INFO] Checking for vulnerabilities; 154 artifacts
>> [INFO] Exclude coordinates: []
>> [INFO] Exclude vulnerability identifiers: []
>> [INFO] CVSS-score threshold: 0.0
>> [INFO]
>> ------------------------------------------------------------------------
>> [INFO] Reactor Summary for Apache Tika 2.0.0-SNAPSHOT:
>> [INFO]
>> [INFO] Apache Tika parent ................................. SUCCESS [
>> 2.663 s]
>> [INFO] Apache Tika core ................................... SUCCESS [
>> 10.059 s]
>> [INFO] Apache Tika parsers ................................ FAILURE [
>> 4.035 s]
>> [INFO] Apache Tika OSGi bundle ............................ SKIPPED
>> [INFO] Apache Tika XMP .................................... SKIPPED
>> [INFO] Apache Tika serialization .......................... SKIPPED
>> [INFO] Apache Tika batch .................................. SKIPPED
>> [INFO] Apache Tika language detection ..................... SKIPPED
>> [INFO] Apache Tika application ............................ SKIPPED
>> [INFO] Apache Tika translate .............................. SKIPPED
>> [INFO] Apache Tika server ................................. SKIPPED
>> [INFO] Apache Tika fuzzing ................................ SKIPPED
>> [INFO] Apache Tika eval ................................... SKIPPED
>> [INFO] Apache Tika examples ............................... SKIPPED
>> [INFO] Apache Tika Java-7 Components ...................... SKIPPED
>> [INFO] Apache Tika Deep Learning (powered by DL4J) ........ SKIPPED
>> [INFO] Apache Tika Natural Language Processing ............ SKIPPED
>> [INFO] Apache Tika ........................................ SKIPPED
>> [INFO]
>> ------------------------------------------------------------------------
>> [INFO] BUILD FAILURE
>> [INFO]
>> ------------------------------------------------------------------------
>> [INFO] Total time: 17.641 s
>> [INFO] Finished at: 2020-04-05T23:08:02-07:00
>> [INFO]
>> ------------------------------------------------------------------------
>> [ERROR] Failed to execute goal
>> org.sonatype.ossindex.maven:ossindex-maven-plugin:3.1.0:audit
>> (audit-dependencies) on project tika-parsers: Detected 2 vulnerable
>> components:
>> [ERROR] org.apache.cxf:cxf-core:jar:3.3.5:compile;
>> https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-core@3.3.5
>> [ERROR] * [CVE-2020-1954] Apache CXF has the ability to integrate with
>> JMX by registering an Instrumentati... (5.3);
>> https://ossindex.sonatype.org/vuln/20bc51e8-29c6-4168-9326-ae0ed18e5d51
>> [ERROR] org.apache.cxf:cxf-rt-frontend-jaxrs:jar:3.3.5:compile;
>> https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.5
>> [ERROR] * [CVE-2020-1954] Apache CXF has the ability to integrate with
>> JMX by registering an Instrumentati... (5.3);
>> https://ossindex.sonatype.org/vuln/20bc51e8-29c6-4168-9326-ae0ed18e5d51
>> [ERROR]
>> [ERROR] -> [Help 1]
>> [ERROR]
>> [ERROR] To see the full stack trace of the errors, re-run Maven with the
>> -e switch.
>> [ERROR] Re-run Maven using the -X switch to enable full debug logging.
>> [ERROR]
>> [ERROR] For more information about the errors and possible solutions,
>> please read the following articles:
>> [ERROR] [Help 1]
>> http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
>> [ERROR]
>> [ERROR] After correcting the problems, you can resume the build with the
>> command
>> [ERROR] mvn <goals> -rf :tika-parsers
>>
>> Is anyone else experiencing this issue? I can't imagine I'm the only
>> one...!
>> Thanks
>> Lewis
>>
>> --
>> http://home.apache.org/~lewismc/
>> http://people.apache.org/keys/committer/lewismc
>>
>
>
> --
> http://home.apache.org/~lewismc/
> http://people.apache.org/keys/committer/lewismc
_______________________
Eric Pugh | Founder & CEO | OpenSource Connections, LLC | 434.466.1467 | http://www.opensourceconnections.com <http://www.opensourceconnections.com/> | My Free/Busy <http://tinyurl.com/eric-cal>
Co-Author: Apache Solr Enterprise Search Server, 3rd Ed <https://www.packtpub.com/big-data-and-business-intelligence/apache-solr-enterprise-search-server-third-edition-raw>
This e-mail and all contents, including attachments, is considered to be Company Confidential unless explicitly stated otherwise, regardless of whether attachments are marked as such.
Re: Tika master branch not building
Posted by lewis john mcgibbney <le...@apache.org>.
I'm also seeing a depreciation notice for the ossindex-maven-plugin as well
https://github.com/OSSIndex/ossindex-maven-plugin#deprecated-please-upgrade-to-ossindex-maven
Any info please folks?
Thanks
On Sun, Apr 5, 2020 at 11:14 PM lewis john mcgibbney <le...@apache.org>
wrote:
> Hi dev@,
> Working on TIKA-3082, I just tried to build master branch
>
> Downgrading my Java version to 1.8
> java -version
> java version "1.8.0_221"
> Java(TM) SE Runtime Environment (build 1.8.0_221-b11)
> Java HotSpot(TM) 64-Bit Server VM (build 25.221-b11, mixed mode)
>
> [INFO] --- ossindex-maven-plugin:3.1.0:audit (audit-dependencies) @
> tika-parsers ---
> [INFO] Checking for vulnerabilities; 154 artifacts
> [INFO] Exclude coordinates: []
> [INFO] Exclude vulnerability identifiers: []
> [INFO] CVSS-score threshold: 0.0
> [INFO]
> ------------------------------------------------------------------------
> [INFO] Reactor Summary for Apache Tika 2.0.0-SNAPSHOT:
> [INFO]
> [INFO] Apache Tika parent ................................. SUCCESS [
> 2.663 s]
> [INFO] Apache Tika core ................................... SUCCESS [
> 10.059 s]
> [INFO] Apache Tika parsers ................................ FAILURE [
> 4.035 s]
> [INFO] Apache Tika OSGi bundle ............................ SKIPPED
> [INFO] Apache Tika XMP .................................... SKIPPED
> [INFO] Apache Tika serialization .......................... SKIPPED
> [INFO] Apache Tika batch .................................. SKIPPED
> [INFO] Apache Tika language detection ..................... SKIPPED
> [INFO] Apache Tika application ............................ SKIPPED
> [INFO] Apache Tika translate .............................. SKIPPED
> [INFO] Apache Tika server ................................. SKIPPED
> [INFO] Apache Tika fuzzing ................................ SKIPPED
> [INFO] Apache Tika eval ................................... SKIPPED
> [INFO] Apache Tika examples ............................... SKIPPED
> [INFO] Apache Tika Java-7 Components ...................... SKIPPED
> [INFO] Apache Tika Deep Learning (powered by DL4J) ........ SKIPPED
> [INFO] Apache Tika Natural Language Processing ............ SKIPPED
> [INFO] Apache Tika ........................................ SKIPPED
> [INFO]
> ------------------------------------------------------------------------
> [INFO] BUILD FAILURE
> [INFO]
> ------------------------------------------------------------------------
> [INFO] Total time: 17.641 s
> [INFO] Finished at: 2020-04-05T23:08:02-07:00
> [INFO]
> ------------------------------------------------------------------------
> [ERROR] Failed to execute goal
> org.sonatype.ossindex.maven:ossindex-maven-plugin:3.1.0:audit
> (audit-dependencies) on project tika-parsers: Detected 2 vulnerable
> components:
> [ERROR] org.apache.cxf:cxf-core:jar:3.3.5:compile;
> https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-core@3.3.5
> [ERROR] * [CVE-2020-1954] Apache CXF has the ability to integrate with
> JMX by registering an Instrumentati... (5.3);
> https://ossindex.sonatype.org/vuln/20bc51e8-29c6-4168-9326-ae0ed18e5d51
> [ERROR] org.apache.cxf:cxf-rt-frontend-jaxrs:jar:3.3.5:compile;
> https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.5
> [ERROR] * [CVE-2020-1954] Apache CXF has the ability to integrate with
> JMX by registering an Instrumentati... (5.3);
> https://ossindex.sonatype.org/vuln/20bc51e8-29c6-4168-9326-ae0ed18e5d51
> [ERROR]
> [ERROR] -> [Help 1]
> [ERROR]
> [ERROR] To see the full stack trace of the errors, re-run Maven with the
> -e switch.
> [ERROR] Re-run Maven using the -X switch to enable full debug logging.
> [ERROR]
> [ERROR] For more information about the errors and possible solutions,
> please read the following articles:
> [ERROR] [Help 1]
> http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
> [ERROR]
> [ERROR] After correcting the problems, you can resume the build with the
> command
> [ERROR] mvn <goals> -rf :tika-parsers
>
> Is anyone else experiencing this issue? I can't imagine I'm the only
> one...!
> Thanks
> Lewis
>
> --
> http://home.apache.org/~lewismc/
> http://people.apache.org/keys/committer/lewismc
>
--
http://home.apache.org/~lewismc/
http://people.apache.org/keys/committer/lewismc