You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tika.apache.org by ta...@apache.org on 2022/07/20 14:00:10 UTC
[tika] branch main updated: Fix documentation to use -Dossindex.skip because -Dossindex.fail=false is not working. Also remove the jetty-io exclusion; my guess is that ossindex folks updated their db so that 9.x is no longer flagged.
This is an automated email from the ASF dual-hosted git repository.
tallison pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tika.git
The following commit(s) were added to refs/heads/main by this push:
new 7042b387c Fix documentation to use -Dossindex.skip because -Dossindex.fail=false is not working. Also remove the jetty-io exclusion; my guess is that ossindex folks updated their db so that 9.x is no longer flagged.
7042b387c is described below
commit 7042b387c6852f244655ccd2686191f1f61aeb10
Author: tallison <ta...@apache.org>
AuthorDate: Wed Jul 20 09:59:41 2022 -0400
Fix documentation to use -Dossindex.skip because -Dossindex.fail=false is not working. Also remove the jetty-io exclusion; my guess is that ossindex folks updated their db so that 9.x is no longer flagged.
---
README.md | 6 +++---
tika-parent/pom.xml | 9 ++-------
2 files changed, 5 insertions(+), 10 deletions(-)
diff --git a/README.md b/README.md
index 819a73c52..43cacc398 100644
--- a/README.md
+++ b/README.md
@@ -41,7 +41,7 @@ To build a specific project (for example, tika-server-standard):
If the ossindex-maven-plugin is causing the build to fail because a dependency
has now been discovered to have a vulnerability:
- mvn clean install -Dossindex.fail=false
+ mvn clean install -Dossindex.skip
Maven Dependencies
@@ -115,7 +115,7 @@ If a new vulnerability has been discovered between the date of the
tag and the date you are building the tag, you may need to build with:
```
-4. mvn clean install -Dossindex.fail=false
+4. mvn clean install -Dossindex.skip
```
If a local test is not working in your environment, please notify
@@ -123,7 +123,7 @@ If a local test is not working in your environment, please notify
you can turn off individual tests with e.g.:
```
-4. mvn clean install -Dossindex.fail=false -Dtest=\!UnpackerResourceTest#testPDFImages
+4. mvn clean install -Dossindex.skip -Dtest=\!UnpackerResourceTest#testPDFImages
```
License (see also LICENSE.txt)
diff --git a/tika-parent/pom.xml b/tika-parent/pom.xml
index d97443bc3..bcd562281 100644
--- a/tika-parent/pom.xml
+++ b/tika-parent/pom.xml
@@ -770,7 +770,8 @@
<generateBackupPoms>false</generateBackupPoms>
</configuration>
</plugin>
- <!-- to run just this: mvn ossindex:audit -Dossindex.fail=(true|false) -->
+ <!-- to run just this: mvn ossindex:audit -Dossindex.fail=(true|false)
+ Although, -Dossindex.fail doesn't seem to work for us -->
<plugin>
<groupId>org.sonatype.ossindex.maven</groupId>
<artifactId>ossindex-maven-plugin</artifactId>
@@ -841,12 +842,6 @@
<artifactId>commons-dbcp</artifactId>
<version>1.4</version>
</exclude>
- <exclude>
- <!-- CVE-2022-2191 applies to jetty 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 -->
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-io</artifactId>
- <version>9.4.48.v20220622</version>
- </exclude>
</excludeCoordinates>
<fail>true</fail>
</configuration>