You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@any23.apache.org by "dataminer.accolade (Jira)" <ji...@apache.org> on 2022/10/02 20:42:00 UTC

[jira] [Created] (ANY23-608) Any23 cannot be built due to security vulnerabilities.

dataminer.accolade created ANY23-608:
----------------------------------------

             Summary: Any23 cannot be built due to security vulnerabilities.
                 Key: ANY23-608
                 URL: https://issues.apache.org/jira/browse/ANY23-608
             Project: Apache Any23
          Issue Type: Improvement
    Affects Versions: 2.7
            Reporter: dataminer.accolade


Ich have tried to build from the following Dockerfile:
{code:java}
FROM maven:3-jdk-11 AS buildARG ANY23_VERSION_ARG

ENV ANY23_VERSION=${ANY23_VERSION_ARG:-2.7}
ENV ARCHIV_NAME="tmp-archiv.tar.gz"RUN mkdir -p ~/.m2/

RUN echo "<settings><mirrors><mirror><id>maven-central</id><mirrorOf>*</mirrorOf><url>https://repo.maven.apache.org/maven2</url><blocked>false</blocked></mirror></mirrors></settings>" > ~/.m2/settings.xml

WORKDIR /any23
RUN curl -L --output "$ARCHIV_NAME" "https://api.github.com/repos/apache/any23/tarball/refs/tags/any23-$ANY23_VERSION"
RUN tar xf "$ARCHIV_NAME" --strip-components=1
RUN rm "$ARCHIV_NAME"
RUN mvn clean install -Dmaven.test.skip=true -Dmaven.javadoc.skip=true {code}
I had to exclude the following packages with (-Dossindex.excludeCoordinates) to complete the build process:

com.drewnoakes:metadata-extractor:2.16.0
com.fasterxml.jackson.core:jackson-databind:2.11.4
com.google.guava:guava:30.1.1-jre
org.apache.poi:poi-scratchpad:5.2.0
org.apache.tika:tika-core:2.3.0
org.apache.tika:tika-parser-image-module:2.3.0
org.jsoup:jsoup:1.14.3
org.yaml:snakeyaml:1.30
xerces:xercesImpl:2.12.2



--
This message was sent by Atlassian Jira
(v8.20.10#820010)