Posted to dev@struts.apache.org by Apache Jenkins Server <je...@builds.apache.org> on 2019/02/05 09:30:19 UTC

Build failed in Jenkins: Struts-master-JDK8-dependency-check #141

See <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/141/display/redirect?page=changes>

Changes:

[github] Switch to Java 8

[github] Update Jenkinsfile

[github] Update .travis.yml

[lukaszlenart] Adds a link to JavaDocs

[yasserzamani] upgrade to ASM 7

[amashchenko] WW-4991 Not existing property in listValueKey throws exception

------------------------------------------
[...truncated 912.91 KB...]
[INFO] Exclude: src/main/webapp/**/*.svg
[INFO] Exclude: src/main/webapp/**/*.txt
[INFO] Exclude: src/main/resources/**/sitegraph-usage.txt
[INFO] Exclude: src/main/resources/**/docs-urls.txt
[INFO] Exclude: src/etc/header.txt
[INFO] Exclude: src/main/resources/static/css/**/*.css
[INFO] Exclude: src/main/resources/static/js/**/*.js
[INFO] Exclude: src/main/resources/docs.cfg
[INFO] Exclude: src/main/webapp/fonts/**/*
[INFO] 5 resources included (use -debug for more details)
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 4 licenses.
[INFO] 
[INFO] --- maven-jar-plugin:3.1.0:jar (default-jar) @ struts2-portlet-tiles-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/portlet-tiles/target/struts2-portlet-tiles-plugin-2.6-SNAPSHOT.jar>
[INFO] 
[INFO] >>> maven-source-plugin:3.0.1:jar (attach-sources) > generate-sources @ struts2-portlet-tiles-plugin >>>
[INFO] 
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ struts2-portlet-tiles-plugin ---
[INFO] 
[INFO] <<< maven-source-plugin:3.0.1:jar (attach-sources) < generate-sources @ struts2-portlet-tiles-plugin <<<
[INFO] 
[INFO] 
[INFO] --- maven-source-plugin:3.0.1:jar (attach-sources) @ struts2-portlet-tiles-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/portlet-tiles/target/struts2-portlet-tiles-plugin-2.6-SNAPSHOT-sources.jar>
[INFO] 
[INFO] --- maven-site-plugin:3.7.1:attach-descriptor (attach-descriptor) @ struts2-portlet-tiles-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO] 
[INFO] --- dependency-check-maven:4.0.2:check (default) @ struts2-portlet-tiles-plugin ---
[INFO] Central analyzer disabled
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (7 ms)
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (0 seconds)
[INFO] Skipping CPE Analysis for npm
[INFO] Finished CPE Analyzer (0 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[WARNING] 

One or more dependencies were identified with known vulnerabilities in Struts 2 Portlet Tiles Plugin:

tiles-ognl-3.0.8.jar (cpe:/a:ognl_project:ognl:3.0.8, cpe:/a:apache:tiles:3.0.8, org.apache.tiles:tiles-ognl:3.0.8) : CVE-2016-3093


See the dependency-check report for more details.


[INFO] 
[INFO] -------------< org.apache.struts:struts2-sitegraph-plugin >-------------
[INFO] Building DEPRECATED: Struts 2 Sitegraph Plugin 2.6-SNAPSHOT      [31/36]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] --- maven-remote-resources-plugin:1.5:process (process-resource-bundles) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ struts2-sitegraph-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.7.0:compile (default-compile) @ struts2-sitegraph-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 18 source files to <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/classes>
[INFO] <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/src/main/java/org/apache/struts2/Main.java>: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/src/main/java/org/apache/struts2/Main.java> uses unchecked or unsafe operations.
[INFO] <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/src/main/java/org/apache/struts2/Main.java>: Recompile with -Xlint:unchecked for details.
[INFO] 
[INFO] --- maven-bundle-plugin:3.5.0:manifest (bundle-manifest) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ struts2-sitegraph-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 6 resources
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.7.0:testCompile (default-testCompile) @ struts2-sitegraph-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 1 source file to <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/test-classes>
[INFO] 
[INFO] --- maven-surefire-plugin:2.22.1:test (default-test) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] -------------------------------------------------------
[INFO]  T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.sitegraph.SiteGraphTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.741 s - in org.apache.struts2.sitegraph.SiteGraphTest
[INFO] 
[INFO] Results:
[INFO] 
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0
[INFO] 
[INFO] 
[INFO] --- apache-rat-plugin:0.12:check (default) @ struts2-sitegraph-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 61 implicit excludes (use -debug for more details).
[INFO] Exclude: Jenkinsfile
[INFO] Exclude: src/main/groovy/Jenkinsfile.gdsl
[INFO] Exclude: src/main/resources/org/apache/struts2/static/domTT.js
[INFO] Exclude: src/site/resources/tags/**/*.html
[INFO] Exclude: src/main/resources/*LICENSE.txt
[INFO] Exclude: src/test/resources/**/*.txt
[INFO] Exclude: src/main/webapp/**/*.css
[INFO] Exclude: src/main/webapp/**/*.map
[INFO] Exclude: src/main/webapp/**/*.js
[INFO] Exclude: src/main/webapp/**/*.svg
[INFO] Exclude: src/main/webapp/**/*.txt
[INFO] Exclude: src/main/resources/**/sitegraph-usage.txt
[INFO] Exclude: src/main/resources/**/docs-urls.txt
[INFO] Exclude: src/etc/header.txt
[INFO] Exclude: src/main/resources/static/css/**/*.css
[INFO] Exclude: src/main/resources/static/js/**/*.js
[INFO] Exclude: src/main/resources/docs.cfg
[INFO] Exclude: src/main/webapp/fonts/**/*
[INFO] 27 resources included (use -debug for more details)
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 26 licenses.
[INFO] 
[INFO] --- maven-jar-plugin:3.1.0:jar (default-jar) @ struts2-sitegraph-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/struts2-sitegraph-plugin-2.6-SNAPSHOT.jar>
[INFO] 
[INFO] >>> maven-source-plugin:3.0.1:jar (attach-sources) > generate-sources @ struts2-sitegraph-plugin >>>
[INFO] 
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] <<< maven-source-plugin:3.0.1:jar (attach-sources) < generate-sources @ struts2-sitegraph-plugin <<<
[INFO] 
[INFO] 
[INFO] --- maven-source-plugin:3.0.1:jar (attach-sources) @ struts2-sitegraph-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/struts2-sitegraph-plugin-2.6-SNAPSHOT-sources.jar>
[INFO] 
[INFO] --- maven-site-plugin:3.7.1:attach-descriptor (attach-descriptor) @ struts2-sitegraph-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO] 
[INFO] --- dependency-check-maven:4.0.2:check (default) @ struts2-sitegraph-plugin ---
[INFO] Central analyzer disabled
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (7 ms)
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (0 seconds)
[INFO] Skipping CPE Analysis for npm
[INFO] Finished CPE Analyzer (0 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[WARNING] 

One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Sitegraph Plugin:

org.mortbay.jetty-5.1.4.jar (jetty:org.mortbay.jetty:5.1.4, cpe:/a:mortbay_jetty:jetty:5.1.4, cpe:/a:mortbay:jetty:5.1.4, cpe:/a:jetty:jetty:5.1.4) : CVE-2011-4461, CVE-2009-1524, CVE-2009-1523, CVE-2005-3747, CVE-2007-5615
jasper-compiler-5.5.12.jar (cpe:/a:apache:tomcat:5.5.12, cpe:/a:apache_software_foundation:tomcat:5.5.12, cpe:/a:jasper_project:jasper:5.5.12, tomcat:jasper-compiler:5.5.12) : CVE-2007-6286, CVE-2009-3548, CVE-2010-1157, CVE-2014-0096, CVE-2009-0033, CVE-2014-0099, CVE-2008-4308, CVE-2008-5519, CVE-2009-2693, CVE-2017-6056, CVE-2012-5568, CVE-2012-5887, CVE-2012-5885, CVE-2011-2526, CVE-2012-5886, CVE-2008-2370, CVE-2013-6357, CVE-2006-3835, CVE-2011-2204, CVE-2007-5342, CVE-2008-1947, CVE-2007-0450, CVE-2011-3190, CVE-2008-5515, CVE-2007-1858, CVE-2016-6325, CVE-2008-1232, CVE-2014-0119, CVE-2010-2227, CVE-2011-5063, CVE-2011-5062, CVE-2014-0075, CVE-2008-0128, CVE-2011-1184, CVE-2011-5064, CVE-2010-3718, CVE-2007-5333, CVE-2006-7195, CVE-2013-4590, CVE-2006-7196, CVE-2016-5425, CVE-2009-2901, CVE-2009-2902, CVE-2009-0783, CVE-2009-0781, CVE-2007-3385, CVE-2007-2450, CVE-2007-3382, CVE-2007-3386, CVE-2009-0580, CVE-2012-0022, CVE-2007-2449, CVE-2013-4322, CVE-2011-0013, CVE-2013-4444, CVE-2013-4286, CVE-2013-2185
jasper-runtime-5.5.12.jar (tomcat:jasper-runtime:5.5.12, cpe:/a:apache:tomcat:5.5.12, cpe:/a:apache_software_foundation:tomcat:5.5.12, cpe:/a:jasper_project:jasper:5.5.12) : CVE-2007-6286, CVE-2009-3548, CVE-2010-1157, CVE-2014-0096, CVE-2009-0033, CVE-2014-0099, CVE-2008-4308, CVE-2008-5519, CVE-2009-2693, CVE-2017-6056, CVE-2012-5568, CVE-2012-5887, CVE-2012-5885, CVE-2011-2526, CVE-2012-5886, CVE-2008-2370, CVE-2013-6357, CVE-2006-3835, CVE-2011-2204, CVE-2007-5342, CVE-2008-1947, CVE-2007-0450, CVE-2011-3190, CVE-2008-5515, CVE-2007-1858, CVE-2016-6325, CVE-2008-1232, CVE-2014-0119, CVE-2010-2227, CVE-2011-5063, CVE-2011-5062, CVE-2014-0075, CVE-2008-0128, CVE-2011-1184, CVE-2011-5064, CVE-2010-3718, CVE-2007-5333, CVE-2006-7195, CVE-2013-4590, CVE-2006-7196, CVE-2016-5425, CVE-2009-2901, CVE-2009-2902, CVE-2009-0783, CVE-2009-0781, CVE-2007-3385, CVE-2007-2450, CVE-2007-3382, CVE-2007-3386, CVE-2009-0580, CVE-2012-0022, CVE-2007-2449, CVE-2013-4322, CVE-2011-0013, CVE-2013-4444, CVE-2013-4286, CVE-2013-2185


See the dependency-check report for more details.


[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 2.6-SNAPSHOT:
[INFO] 
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [  1.311 s]
[INFO] Struts 2 ........................................... SUCCESS [03:30 min]
[INFO] Struts 2 Core ...................................... SUCCESS [01:29 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [  2.307 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [  2.663 s]
[INFO] Struts 2 Sitemesh Plugin ........................... SUCCESS [  3.123 s]
[INFO] Struts 2 Tiles Plugin .............................. SUCCESS [  4.475 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [  2.623 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [  4.578 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [  9.642 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [  7.375 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [  8.108 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [  4.799 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [  3.717 s]
[INFO] Struts 2 Webapps ................................... SUCCESS [  2.952 s]
[INFO] Struts 2 Showcase Webapp ........................... SUCCESS [ 50.391 s]
[INFO] Struts 2 REST Plugin ............................... SUCCESS [  5.658 s]
[INFO] Struts 2 Rest Showcase Webapp ...................... SUCCESS [  3.064 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [  4.243 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin ........... SUCCESS [  8.846 s]
[INFO] Struts 2 GXP Plugin ................................ SUCCESS [  2.715 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [  6.386 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [  3.843 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [  5.191 s]
[INFO] Struts 2 OSGi Plugin ............................... SUCCESS [  4.481 s]
[INFO] Struts 2 OVal Plugin ............................... SUCCESS [  5.519 s]
[INFO] Struts 2 Pell Multipart Plugin ..................... SUCCESS [  3.345 s]
[INFO] Struts 2 Plexus Plugin ............................. SUCCESS [  2.621 s]
[INFO] Struts 2 Portlet Plugin ............................ SUCCESS [  7.886 s]
[INFO] Struts 2 Portlet Tiles Plugin ...................... SUCCESS [  2.891 s]
[INFO] DEPRECATED: Struts 2 Sitegraph Plugin .............. FAILURE [  6.757 s]
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 OSGi Bundles .............................. SKIPPED
[INFO] Struts 2 OSGi Admin Bundle ......................... SKIPPED
[INFO] Struts 2 OSGi Demo Bundle .......................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  08:03 min
[INFO] Finished at: 2019-02-05T09:30:18Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:4.0.2:check (default) on project struts2-sitegraph-plugin: 
[ERROR] 
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': 
[ERROR] 
[ERROR] jasper-compiler-5.5.12.jar: CVE-2009-3548, CVE-2011-3190, CVE-2016-6325, CVE-2016-5425, CVE-2013-2185
[ERROR] jasper-runtime-5.5.12.jar: CVE-2009-3548, CVE-2011-3190, CVE-2016-6325, CVE-2016-5425, CVE-2013-2185
[ERROR] 
[ERROR] See the dependency-check report for more details.
[ERROR] 
[ERROR] 
[ERROR] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR] 
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn <goals> -rf :struts2-sitegraph-plugin
Build step 'Execute shell' marked build as failure
[locks-and-latches] Releasing all the locks
[locks-and-latches] All the locks released
Setting MAVEN_3_LATEST__HOME=/home/jenkins/tools/maven/latest3/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Jenkins build is back to normal : Struts-master-JDK8-dependency-check #145

Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/145/display/redirect?page=changes>




Build failed in Jenkins: Struts-master-JDK8-dependency-check #144

Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/144/display/redirect?page=changes>

Changes:

[jogep] Add maven enforce plugin with rule to avoid dependency convergence

[jogep] Solve some dependency convergence issues reported by maven enforce

[jogep] Use latest available hibernate-validator version for bean validation

[jogep] Fix compile issue of post order test example with latest http client

[jogep] Fix compile issue of jasper plugin with latest jasper version

------------------------------------------
[...truncated 1.02 MB...]
[INFO] Exclude: src/main/resources/static/js/**/*.js
[INFO] Exclude: src/main/resources/docs.cfg
[INFO] Exclude: src/main/webapp/fonts/**/*
[INFO] 5 resources included (use -debug for more details)
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 4 licenses.
[INFO] 
[INFO] --- maven-jar-plugin:3.1.0:jar (default-jar) @ struts2-portlet-tiles-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/portlet-tiles/target/struts2-portlet-tiles-plugin-2.6-SNAPSHOT.jar>
[INFO] 
[INFO] >>> maven-source-plugin:3.0.1:jar (attach-sources) > generate-sources @ struts2-portlet-tiles-plugin >>>
[INFO] 
[INFO] --- maven-enforcer-plugin:3.0.0-M2:enforce (enforce) @ struts2-portlet-tiles-plugin ---
[INFO] 
[INFO] --- maven-enforcer-plugin:3.0.0-M2:enforce (enforce-maven-version) @ struts2-portlet-tiles-plugin ---
[INFO] 
[INFO] <<< maven-source-plugin:3.0.1:jar (attach-sources) < generate-sources @ struts2-portlet-tiles-plugin <<<
[INFO] 
[INFO] 
[INFO] --- maven-source-plugin:3.0.1:jar (attach-sources) @ struts2-portlet-tiles-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/portlet-tiles/target/struts2-portlet-tiles-plugin-2.6-SNAPSHOT-sources.jar>
[INFO] 
[INFO] --- maven-site-plugin:3.7.1:attach-descriptor (attach-descriptor) @ struts2-portlet-tiles-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO] 
[INFO] --- dependency-check-maven:4.0.2:check (default) @ struts2-portlet-tiles-plugin ---
[INFO] Central analyzer disabled
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (11 ms)
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (0 seconds)
[INFO] Skipping CPE Analysis for npm
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[WARNING] 

One or more dependencies were identified with known vulnerabilities in Struts 2 Portlet Tiles Plugin:

tiles-ognl-3.0.8.jar (cpe:/a:ognl_project:ognl:3.0.8, cpe:/a:apache:tiles:3.0.8, org.apache.tiles:tiles-ognl:3.0.8) : CVE-2016-3093


See the dependency-check report for more details.


[INFO] 
[INFO] -------------< org.apache.struts:struts2-sitegraph-plugin >-------------
[INFO] Building DEPRECATED: Struts 2 Sitegraph Plugin 2.6-SNAPSHOT      [31/36]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-enforcer-plugin:3.0.0-M2:enforce (enforce) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] --- maven-enforcer-plugin:3.0.0-M2:enforce (enforce-maven-version) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] --- maven-remote-resources-plugin:1.5:process (process-resource-bundles) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ struts2-sitegraph-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.7.0:compile (default-compile) @ struts2-sitegraph-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 18 source files to <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/classes>
[INFO] <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/src/main/java/org/apache/struts2/Main.java>: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/src/main/java/org/apache/struts2/Main.java> uses unchecked or unsafe operations.
[INFO] <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/src/main/java/org/apache/struts2/Main.java>: Recompile with -Xlint:unchecked for details.
[INFO] 
[INFO] --- maven-bundle-plugin:3.5.0:manifest (bundle-manifest) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ struts2-sitegraph-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 6 resources
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.7.0:testCompile (default-testCompile) @ struts2-sitegraph-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 1 source file to <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/test-classes>
[INFO] 
[INFO] --- maven-surefire-plugin:2.22.1:test (default-test) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] -------------------------------------------------------
[INFO]  T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.sitegraph.SiteGraphTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.957 s - in org.apache.struts2.sitegraph.SiteGraphTest
[INFO] 
[INFO] Results:
[INFO] 
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0
[INFO] 
[INFO] 
[INFO] --- apache-rat-plugin:0.12:check (default) @ struts2-sitegraph-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 61 implicit excludes (use -debug for more details).
[INFO] Exclude: Jenkinsfile
[INFO] Exclude: src/main/groovy/Jenkinsfile.gdsl
[INFO] Exclude: src/main/resources/org/apache/struts2/static/domTT.js
[INFO] Exclude: src/site/resources/tags/**/*.html
[INFO] Exclude: src/main/resources/*LICENSE.txt
[INFO] Exclude: src/test/resources/**/*.txt
[INFO] Exclude: src/main/webapp/**/*.css
[INFO] Exclude: src/main/webapp/**/*.map
[INFO] Exclude: src/main/webapp/**/*.js
[INFO] Exclude: src/main/webapp/**/*.svg
[INFO] Exclude: src/main/webapp/**/*.txt
[INFO] Exclude: src/main/resources/**/sitegraph-usage.txt
[INFO] Exclude: src/main/resources/**/docs-urls.txt
[INFO] Exclude: src/etc/header.txt
[INFO] Exclude: src/main/resources/static/css/**/*.css
[INFO] Exclude: src/main/resources/static/js/**/*.js
[INFO] Exclude: src/main/resources/docs.cfg
[INFO] Exclude: src/main/webapp/fonts/**/*
[INFO] 27 resources included (use -debug for more details)
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 26 licenses.
[INFO] 
[INFO] --- maven-jar-plugin:3.1.0:jar (default-jar) @ struts2-sitegraph-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/struts2-sitegraph-plugin-2.6-SNAPSHOT.jar>
[INFO] 
[INFO] >>> maven-source-plugin:3.0.1:jar (attach-sources) > generate-sources @ struts2-sitegraph-plugin >>>
[INFO] 
[INFO] --- maven-enforcer-plugin:3.0.0-M2:enforce (enforce) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] --- maven-enforcer-plugin:3.0.0-M2:enforce (enforce-maven-version) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] <<< maven-source-plugin:3.0.1:jar (attach-sources) < generate-sources @ struts2-sitegraph-plugin <<<
[INFO] 
[INFO] 
[INFO] --- maven-source-plugin:3.0.1:jar (attach-sources) @ struts2-sitegraph-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/struts2-sitegraph-plugin-2.6-SNAPSHOT-sources.jar>
[INFO] 
[INFO] --- maven-site-plugin:3.7.1:attach-descriptor (attach-descriptor) @ struts2-sitegraph-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO] 
[INFO] --- dependency-check-maven:4.0.2:check (default) @ struts2-sitegraph-plugin ---
[INFO] Central analyzer disabled
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (12 ms)
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (0 seconds)
[INFO] Skipping CPE Analysis for npm
[INFO] Finished CPE Analyzer (0 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[WARNING] 

One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Sitegraph Plugin:

org.mortbay.jetty-5.1.4.jar (jetty:org.mortbay.jetty:5.1.4, cpe:/a:mortbay_jetty:jetty:5.1.4, cpe:/a:mortbay:jetty:5.1.4, cpe:/a:jetty:jetty:5.1.4) : CVE-2011-4461, CVE-2009-1524, CVE-2009-1523, CVE-2005-3747, CVE-2007-5615
jasper-compiler-5.5.12.jar (cpe:/a:apache:tomcat:5.5.12, cpe:/a:apache_software_foundation:tomcat:5.5.12, cpe:/a:jasper_project:jasper:5.5.12, tomcat:jasper-compiler:5.5.12) : CVE-2007-6286, CVE-2009-3548, CVE-2010-1157, CVE-2014-0096, CVE-2009-0033, CVE-2014-0099, CVE-2008-4308, CVE-2008-5519, CVE-2009-2693, CVE-2017-6056, CVE-2012-5568, CVE-2012-5887, CVE-2012-5885, CVE-2011-2526, CVE-2012-5886, CVE-2008-2370, CVE-2013-6357, CVE-2006-3835, CVE-2011-2204, CVE-2007-5342, CVE-2008-1947, CVE-2007-0450, CVE-2011-3190, CVE-2008-5515, CVE-2007-1858, CVE-2016-6325, CVE-2008-1232, CVE-2014-0119, CVE-2010-2227, CVE-2011-5063, CVE-2011-5062, CVE-2014-0075, CVE-2008-0128, CVE-2011-1184, CVE-2011-5064, CVE-2010-3718, CVE-2007-5333, CVE-2006-7195, CVE-2013-4590, CVE-2006-7196, CVE-2016-5425, CVE-2009-2901, CVE-2009-2902, CVE-2009-0783, CVE-2009-0781, CVE-2007-3385, CVE-2007-2450, CVE-2007-3382, CVE-2007-3386, CVE-2009-0580, CVE-2012-0022, CVE-2007-2449, CVE-2013-4322, CVE-2011-0013, CVE-2013-4444, CVE-2013-4286, CVE-2013-2185
jasper-runtime-5.5.12.jar (tomcat:jasper-runtime:5.5.12, cpe:/a:apache:tomcat:5.5.12, cpe:/a:apache_software_foundation:tomcat:5.5.12, cpe:/a:jasper_project:jasper:5.5.12) : CVE-2007-6286, CVE-2009-3548, CVE-2010-1157, CVE-2014-0096, CVE-2009-0033, CVE-2014-0099, CVE-2008-4308, CVE-2008-5519, CVE-2009-2693, CVE-2017-6056, CVE-2012-5568, CVE-2012-5887, CVE-2012-5885, CVE-2011-2526, CVE-2012-5886, CVE-2008-2370, CVE-2013-6357, CVE-2006-3835, CVE-2011-2204, CVE-2007-5342, CVE-2008-1947, CVE-2007-0450, CVE-2011-3190, CVE-2008-5515, CVE-2007-1858, CVE-2016-6325, CVE-2008-1232, CVE-2014-0119, CVE-2010-2227, CVE-2011-5063, CVE-2011-5062, CVE-2014-0075, CVE-2008-0128, CVE-2011-1184, CVE-2011-5064, CVE-2010-3718, CVE-2007-5333, CVE-2006-7195, CVE-2013-4590, CVE-2006-7196, CVE-2016-5425, CVE-2009-2901, CVE-2009-2902, CVE-2009-0783, CVE-2009-0781, CVE-2007-3385, CVE-2007-2450, CVE-2007-3382, CVE-2007-3386, CVE-2009-0580, CVE-2012-0022, CVE-2007-2449, CVE-2013-4322, CVE-2011-0013, CVE-2013-4444, CVE-2013-4286, CVE-2013-2185


See the dependency-check report for more details.


[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 2.6-SNAPSHOT:
[INFO] 
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [  2.027 s]
[INFO] Struts 2 ........................................... SUCCESS [ 16.958 s]
[INFO] Struts 2 Core ...................................... SUCCESS [01:58 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [  3.179 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [  3.521 s]
[INFO] Struts 2 Sitemesh Plugin ........................... SUCCESS [  4.089 s]
[INFO] Struts 2 Tiles Plugin .............................. SUCCESS [  5.272 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [  3.611 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [  5.088 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 12.147 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [  9.032 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 10.751 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [  7.187 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [  4.528 s]
[INFO] Struts 2 Webapps ................................... SUCCESS [  3.369 s]
[INFO] Struts 2 Showcase Webapp ........................... SUCCESS [01:03 min]
[INFO] Struts 2 REST Plugin ............................... SUCCESS [  7.618 s]
[INFO] Struts 2 Rest Showcase Webapp ...................... SUCCESS [  4.272 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [  5.379 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin ........... SUCCESS [ 10.988 s]
[INFO] Struts 2 GXP Plugin ................................ SUCCESS [  3.186 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [  8.997 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [  4.478 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [  6.138 s]
[INFO] Struts 2 OSGi Plugin ............................... SUCCESS [  5.253 s]
[INFO] Struts 2 OVal Plugin ............................... SUCCESS [  7.059 s]
[INFO] Struts 2 Pell Multipart Plugin ..................... SUCCESS [  3.127 s]
[INFO] Struts 2 Plexus Plugin ............................. SUCCESS [  2.992 s]
[INFO] Struts 2 Portlet Plugin ............................ SUCCESS [  9.143 s]
[INFO] Struts 2 Portlet Tiles Plugin ...................... SUCCESS [  3.669 s]
[INFO] DEPRECATED: Struts 2 Sitegraph Plugin .............. FAILURE [  8.011 s]
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 OSGi Bundles .............................. SKIPPED
[INFO] Struts 2 OSGi Admin Bundle ......................... SKIPPED
[INFO] Struts 2 OSGi Demo Bundle .......................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  06:05 min
[INFO] Finished at: 2019-02-10T08:00:12Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:4.0.2:check (default) on project struts2-sitegraph-plugin: 
[ERROR] 
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': 
[ERROR] 
[ERROR] jasper-compiler-5.5.12.jar: CVE-2009-3548, CVE-2011-3190, CVE-2016-6325, CVE-2016-5425, CVE-2013-2185
[ERROR] jasper-runtime-5.5.12.jar: CVE-2009-3548, CVE-2011-3190, CVE-2016-6325, CVE-2016-5425, CVE-2013-2185
[ERROR] 
[ERROR] See the dependency-check report for more details.
[ERROR] 
[ERROR] 
[ERROR] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR] 
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn <goals> -rf :struts2-sitegraph-plugin
Build step 'Execute shell' marked build as failure
[locks-and-latches] Releasing all the locks
[locks-and-latches] All the locks released
Setting MAVEN_3_LATEST__HOME=/home/jenkins/tools/maven/latest3/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Re: Build failed in Jenkins: Struts-master-JDK8-dependency-check #143

Posted by Lukasz Lenart <lu...@apache.org>.
Thu, 7 Feb 2019 at 09:00 Apache Jenkins Server
<je...@builds.apache.org> wrote:
> One or more dependencies were identified with known vulnerabilities in Struts 2 Portlet Tiles Plugin:
>
> tiles-ognl-3.0.8.jar (cpe:/a:ognl_project:ognl:3.0.8, cpe:/a:apache:tiles:3.0.8, org.apache.tiles:tiles-ognl:3.0.8) : CVE-2016-3093

Looks like we have an issue. Tiles was moved to the Attic and it isn't
actively supported anymore. I thought about preparing a PR to fix
this.


Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/



Build failed in Jenkins: Struts-master-JDK8-dependency-check #143

Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/143/display/redirect?page=changes>

Changes:

[amashchenko] WW-5009 EmptyStackException in JSON plugin due to concurrency

[amashchenko] WW-5016 Support java8 date/time in date tag

[amashchenko] Update jenkins badge

------------------------------------------
[...truncated 806.70 KB...]
[INFO] Exclude: src/main/webapp/**/*.svg
[INFO] Exclude: src/main/webapp/**/*.txt
[INFO] Exclude: src/main/resources/**/sitegraph-usage.txt
[INFO] Exclude: src/main/resources/**/docs-urls.txt
[INFO] Exclude: src/etc/header.txt
[INFO] Exclude: src/main/resources/static/css/**/*.css
[INFO] Exclude: src/main/resources/static/js/**/*.js
[INFO] Exclude: src/main/resources/docs.cfg
[INFO] Exclude: src/main/webapp/fonts/**/*
[INFO] 5 resources included (use -debug for more details)
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 4 licenses.
[INFO] 
[INFO] --- maven-jar-plugin:3.1.0:jar (default-jar) @ struts2-portlet-tiles-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/portlet-tiles/target/struts2-portlet-tiles-plugin-2.6-SNAPSHOT.jar>
[INFO] 
[INFO] >>> maven-source-plugin:3.0.1:jar (attach-sources) > generate-sources @ struts2-portlet-tiles-plugin >>>
[INFO] 
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ struts2-portlet-tiles-plugin ---
[INFO] 
[INFO] <<< maven-source-plugin:3.0.1:jar (attach-sources) < generate-sources @ struts2-portlet-tiles-plugin <<<
[INFO] 
[INFO] 
[INFO] --- maven-source-plugin:3.0.1:jar (attach-sources) @ struts2-portlet-tiles-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/portlet-tiles/target/struts2-portlet-tiles-plugin-2.6-SNAPSHOT-sources.jar>
[INFO] 
[INFO] --- maven-site-plugin:3.7.1:attach-descriptor (attach-descriptor) @ struts2-portlet-tiles-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO] 
[INFO] --- dependency-check-maven:4.0.2:check (default) @ struts2-portlet-tiles-plugin ---
[INFO] Central analyzer disabled
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (13 ms)
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (0 seconds)
[INFO] Skipping CPE Analysis for npm
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[WARNING] 

One or more dependencies were identified with known vulnerabilities in Struts 2 Portlet Tiles Plugin:

tiles-ognl-3.0.8.jar (cpe:/a:ognl_project:ognl:3.0.8, cpe:/a:apache:tiles:3.0.8, org.apache.tiles:tiles-ognl:3.0.8) : CVE-2016-3093


See the dependency-check report for more details.


[INFO] 
[INFO] -------------< org.apache.struts:struts2-sitegraph-plugin >-------------
[INFO] Building DEPRECATED: Struts 2 Sitegraph Plugin 2.6-SNAPSHOT      [31/36]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] --- maven-remote-resources-plugin:1.5:process (process-resource-bundles) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ struts2-sitegraph-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.7.0:compile (default-compile) @ struts2-sitegraph-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 18 source files to <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/classes>
[INFO] <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/src/main/java/org/apache/struts2/Main.java>: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/src/main/java/org/apache/struts2/Main.java> uses unchecked or unsafe operations.
[INFO] <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/src/main/java/org/apache/struts2/Main.java>: Recompile with -Xlint:unchecked for details.
[INFO] 
[INFO] --- maven-bundle-plugin:3.5.0:manifest (bundle-manifest) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ struts2-sitegraph-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 6 resources
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.7.0:testCompile (default-testCompile) @ struts2-sitegraph-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 1 source file to <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/test-classes>
[INFO] 
[INFO] --- maven-surefire-plugin:2.22.1:test (default-test) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] -------------------------------------------------------
[INFO]  T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.sitegraph.SiteGraphTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.946 s - in org.apache.struts2.sitegraph.SiteGraphTest
[INFO] 
[INFO] Results:
[INFO] 
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0
[INFO] 
[INFO] 
[INFO] --- apache-rat-plugin:0.12:check (default) @ struts2-sitegraph-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 61 implicit excludes (use -debug for more details).
[INFO] Exclude: Jenkinsfile
[INFO] Exclude: src/main/groovy/Jenkinsfile.gdsl
[INFO] Exclude: src/main/resources/org/apache/struts2/static/domTT.js
[INFO] Exclude: src/site/resources/tags/**/*.html
[INFO] Exclude: src/main/resources/*LICENSE.txt
[INFO] Exclude: src/test/resources/**/*.txt
[INFO] Exclude: src/main/webapp/**/*.css
[INFO] Exclude: src/main/webapp/**/*.map
[INFO] Exclude: src/main/webapp/**/*.js
[INFO] Exclude: src/main/webapp/**/*.svg
[INFO] Exclude: src/main/webapp/**/*.txt
[INFO] Exclude: src/main/resources/**/sitegraph-usage.txt
[INFO] Exclude: src/main/resources/**/docs-urls.txt
[INFO] Exclude: src/etc/header.txt
[INFO] Exclude: src/main/resources/static/css/**/*.css
[INFO] Exclude: src/main/resources/static/js/**/*.js
[INFO] Exclude: src/main/resources/docs.cfg
[INFO] Exclude: src/main/webapp/fonts/**/*
[INFO] 27 resources included (use -debug for more details)
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 26 licenses.
[INFO] 
[INFO] --- maven-jar-plugin:3.1.0:jar (default-jar) @ struts2-sitegraph-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/struts2-sitegraph-plugin-2.6-SNAPSHOT.jar>
[INFO] 
[INFO] >>> maven-source-plugin:3.0.1:jar (attach-sources) > generate-sources @ struts2-sitegraph-plugin >>>
[INFO] 
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] <<< maven-source-plugin:3.0.1:jar (attach-sources) < generate-sources @ struts2-sitegraph-plugin <<<
[INFO] 
[INFO] 
[INFO] --- maven-source-plugin:3.0.1:jar (attach-sources) @ struts2-sitegraph-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/struts2-sitegraph-plugin-2.6-SNAPSHOT-sources.jar>
[INFO] 
[INFO] --- maven-site-plugin:3.7.1:attach-descriptor (attach-descriptor) @ struts2-sitegraph-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO] 
[INFO] --- dependency-check-maven:4.0.2:check (default) @ struts2-sitegraph-plugin ---
[INFO] Central analyzer disabled
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (12 ms)
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (0 seconds)
[INFO] Skipping CPE Analysis for npm
[INFO] Finished CPE Analyzer (0 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[WARNING] 

One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Sitegraph Plugin:

org.mortbay.jetty-5.1.4.jar (jetty:org.mortbay.jetty:5.1.4, cpe:/a:mortbay_jetty:jetty:5.1.4, cpe:/a:mortbay:jetty:5.1.4, cpe:/a:jetty:jetty:5.1.4) : CVE-2011-4461, CVE-2009-1524, CVE-2009-1523, CVE-2005-3747, CVE-2007-5615
jasper-compiler-5.5.12.jar (cpe:/a:apache:tomcat:5.5.12, cpe:/a:apache_software_foundation:tomcat:5.5.12, cpe:/a:jasper_project:jasper:5.5.12, tomcat:jasper-compiler:5.5.12) : CVE-2007-6286, CVE-2009-3548, CVE-2010-1157, CVE-2014-0096, CVE-2009-0033, CVE-2014-0099, CVE-2008-4308, CVE-2008-5519, CVE-2009-2693, CVE-2017-6056, CVE-2012-5568, CVE-2012-5887, CVE-2012-5885, CVE-2011-2526, CVE-2012-5886, CVE-2008-2370, CVE-2013-6357, CVE-2006-3835, CVE-2011-2204, CVE-2007-5342, CVE-2008-1947, CVE-2007-0450, CVE-2011-3190, CVE-2008-5515, CVE-2007-1858, CVE-2016-6325, CVE-2008-1232, CVE-2014-0119, CVE-2010-2227, CVE-2011-5063, CVE-2011-5062, CVE-2014-0075, CVE-2008-0128, CVE-2011-1184, CVE-2011-5064, CVE-2010-3718, CVE-2007-5333, CVE-2006-7195, CVE-2013-4590, CVE-2006-7196, CVE-2016-5425, CVE-2009-2901, CVE-2009-2902, CVE-2009-0783, CVE-2009-0781, CVE-2007-3385, CVE-2007-2450, CVE-2007-3382, CVE-2007-3386, CVE-2009-0580, CVE-2012-0022, CVE-2007-2449, CVE-2013-4322, CVE-2011-0013, CVE-2013-4444, CVE-2013-4286, CVE-2013-2185
jasper-runtime-5.5.12.jar (tomcat:jasper-runtime:5.5.12, cpe:/a:apache:tomcat:5.5.12, cpe:/a:apache_software_foundation:tomcat:5.5.12, cpe:/a:jasper_project:jasper:5.5.12) : CVE-2007-6286, CVE-2009-3548, CVE-2010-1157, CVE-2014-0096, CVE-2009-0033, CVE-2014-0099, CVE-2008-4308, CVE-2008-5519, CVE-2009-2693, CVE-2017-6056, CVE-2012-5568, CVE-2012-5887, CVE-2012-5885, CVE-2011-2526, CVE-2012-5886, CVE-2008-2370, CVE-2013-6357, CVE-2006-3835, CVE-2011-2204, CVE-2007-5342, CVE-2008-1947, CVE-2007-0450, CVE-2011-3190, CVE-2008-5515, CVE-2007-1858, CVE-2016-6325, CVE-2008-1232, CVE-2014-0119, CVE-2010-2227, CVE-2011-5063, CVE-2011-5062, CVE-2014-0075, CVE-2008-0128, CVE-2011-1184, CVE-2011-5064, CVE-2010-3718, CVE-2007-5333, CVE-2006-7195, CVE-2013-4590, CVE-2006-7196, CVE-2016-5425, CVE-2009-2901, CVE-2009-2902, CVE-2009-0783, CVE-2009-0781, CVE-2007-3385, CVE-2007-2450, CVE-2007-3382, CVE-2007-3386, CVE-2009-0580, CVE-2012-0022, CVE-2007-2449, CVE-2013-4322, CVE-2011-0013, CVE-2013-4444, CVE-2013-4286, CVE-2013-2185


See the dependency-check report for more details.


[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 2.6-SNAPSHOT:
[INFO] 
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [  1.981 s]
[INFO] Struts 2 ........................................... SUCCESS [ 24.986 s]
[INFO] Struts 2 Core ...................................... SUCCESS [01:53 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [  3.394 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [  3.529 s]
[INFO] Struts 2 Sitemesh Plugin ........................... SUCCESS [  4.284 s]
[INFO] Struts 2 Tiles Plugin .............................. SUCCESS [  4.921 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [  3.265 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [  5.061 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 11.731 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [  8.431 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [  9.934 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [  6.901 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [  4.850 s]
[INFO] Struts 2 Webapps ................................... SUCCESS [  3.456 s]
[INFO] Struts 2 Showcase Webapp ........................... SUCCESS [01:01 min]
[INFO] Struts 2 REST Plugin ............................... SUCCESS [  6.831 s]
[INFO] Struts 2 Rest Showcase Webapp ...................... SUCCESS [  4.230 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [  5.317 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin ........... SUCCESS [ 10.973 s]
[INFO] Struts 2 GXP Plugin ................................ SUCCESS [  3.206 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [  7.909 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [  4.805 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [  6.267 s]
[INFO] Struts 2 OSGi Plugin ............................... SUCCESS [  4.759 s]
[INFO] Struts 2 OVal Plugin ............................... SUCCESS [  6.651 s]
[INFO] Struts 2 Pell Multipart Plugin ..................... SUCCESS [  2.926 s]
[INFO] Struts 2 Plexus Plugin ............................. SUCCESS [  2.944 s]
[INFO] Struts 2 Portlet Plugin ............................ SUCCESS [  9.494 s]
[INFO] Struts 2 Portlet Tiles Plugin ...................... SUCCESS [  3.773 s]
[INFO] DEPRECATED: Struts 2 Sitegraph Plugin .............. FAILURE [  7.568 s]
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 OSGi Bundles .............................. SKIPPED
[INFO] Struts 2 OSGi Admin Bundle ......................... SKIPPED
[INFO] Struts 2 OSGi Demo Bundle .......................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  06:01 min
[INFO] Finished at: 2019-02-07T08:00:16Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:4.0.2:check (default) on project struts2-sitegraph-plugin: 
[ERROR] 
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': 
[ERROR] 
[ERROR] jasper-compiler-5.5.12.jar: CVE-2009-3548, CVE-2011-3190, CVE-2016-6325, CVE-2016-5425, CVE-2013-2185
[ERROR] jasper-runtime-5.5.12.jar: CVE-2009-3548, CVE-2011-3190, CVE-2016-6325, CVE-2016-5425, CVE-2013-2185
[ERROR] 
[ERROR] See the dependency-check report for more details.
[ERROR] 
[ERROR] 
[ERROR] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR] 
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn <goals> -rf :struts2-sitegraph-plugin
Build step 'Execute shell' marked build as failure
[locks-and-latches] Releasing all the locks
[locks-and-latches] All the locks released
Setting MAVEN_3_LATEST__HOME=/home/jenkins/tools/maven/latest3/



RE: Build failed in Jenkins: Struts-master-JDK8-dependency-check #142

Posted by Yasser Zamani <ya...@apache.org>.
+1. Why not. Let's have more clean code :)

>-----Original Message-----
>From: Lukasz Lenart <lu...@apache.org>
>Sent: Tuesday, February 5, 2019 1:55 PM
>To: Struts Developers List <de...@struts.apache.org>
>Subject: Re: Build failed in Jenkins: Struts-master-JDK8-dependency-check #142
>
>Looks like it's about the time to drop this plugin :)
>
>Tue, 5 Feb 2019 at 11:17 Apache Jenkins Server <je...@builds.apache.org>
>wrote:
>>
>> One or more dependencies were identified with known vulnerabilities in
>DEPRECATED: Struts 2 Sitegraph Plugin:
>>
>


Re: Build failed in Jenkins: Struts-master-JDK8-dependency-check #142

Posted by Lukasz Lenart <lu...@apache.org>.
Looks like it's about the time to drop this plugin :)

Tue, 5 Feb 2019 at 11:17 Apache Jenkins Server
<je...@builds.apache.org> wrote:
>
> One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Sitegraph Plugin:
>
> org.mortbay.jetty-5.1.4.jar (jetty:org.mortbay.jetty:5.1.4, cpe:/a:mortbay_jetty:jetty:5.1.4, cpe:/a:mortbay:jetty:5.1.4, cpe:/a:jetty:jetty:5.1.4) : CVE-2011-4461, CVE-2009-1524, CVE-2009-1523, CVE-2005-3747, CVE-2007-5615
> jasper-compiler-5.5.12.jar (cpe:/a:apache:tomcat:5.5.12, cpe:/a:apache_software_foundation:tomcat:5.5.12, cpe:/a:jasper_project:jasper:5.5.12, tomcat:jasper-compiler:5.5.12) : CVE-2007-6286, CVE-2009-3548, CVE-2010-1157, CVE-2014-0096, CVE-2009-0033, CVE-2014-0099, CVE-2008-4308, CVE-2008-5519, CVE-2009-2693, CVE-2017-6056, CVE-2012-5568, CVE-2012-5887, CVE-2012-5885, CVE-2011-2526, CVE-2012-5886, CVE-2008-2370, CVE-2013-6357, CVE-2006-3835, CVE-2011-2204, CVE-2007-5342, CVE-2008-1947, CVE-2007-0450, CVE-2011-3190, CVE-2008-5515, CVE-2007-1858, CVE-2016-6325, CVE-2008-1232, CVE-2014-0119, CVE-2010-2227, CVE-2011-5063, CVE-2011-5062, CVE-2014-0075, CVE-2008-0128, CVE-2011-1184, CVE-2011-5064, CVE-2010-3718, CVE-2007-5333, CVE-2006-7195, CVE-2013-4590, CVE-2006-7196, CVE-2016-5425, CVE-2009-2901, CVE-2009-2902, CVE-2009-0783, CVE-2009-0781, CVE-2007-3385, CVE-2007-2450, CVE-2007-3382, CVE-2007-3386, CVE-2009-0580, CVE-2012-0022, CVE-2007-2449, CVE-2013-4322, CVE-2011-0013, CVE-2013-4444, CVE-2013-4286, CVE-2013-2185
> jasper-runtime-5.5.12.jar (tomcat:jasper-runtime:5.5.12, cpe:/a:apache:tomcat:5.5.12, cpe:/a:apache_software_foundation:tomcat:5.5.12, cpe:/a:jasper_project:jasper:5.5.12) : CVE-2007-6286, CVE-2009-3548, CVE-2010-1157, CVE-2014-0096, CVE-2009-0033, CVE-2014-0099, CVE-2008-4308, CVE-2008-5519, CVE-2009-2693, CVE-2017-6056, CVE-2012-5568, CVE-2012-5887, CVE-2012-5885, CVE-2011-2526, CVE-2012-5886, CVE-2008-2370, CVE-2013-6357, CVE-2006-3835, CVE-2011-2204, CVE-2007-5342, CVE-2008-1947, CVE-2007-0450, CVE-2011-3190, CVE-2008-5515, CVE-2007-1858, CVE-2016-6325, CVE-2008-1232, CVE-2014-0119, CVE-2010-2227, CVE-2011-5063, CVE-2011-5062, CVE-2014-0075, CVE-2008-0128, CVE-2011-1184, CVE-2011-5064, CVE-2010-3718, CVE-2007-5333, CVE-2006-7195, CVE-2013-4590, CVE-2006-7196, CVE-2016-5425, CVE-2009-2901, CVE-2009-2902, CVE-2009-0783, CVE-2009-0781, CVE-2007-3385, CVE-2007-2450, CVE-2007-3382, CVE-2007-3386, CVE-2009-0580, CVE-2012-0022, CVE-2007-2449, CVE-2013-4322, CVE-2011-0013, CVE-2013-4444, CVE-2013-4286, CVE-2013-2185



Build failed in Jenkins: Struts-master-JDK8-dependency-check #142

Posted by Apache Jenkins Server <je...@builds.apache.org>.
See <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/142/display/redirect>

------------------------------------------
[...truncated 865.33 KB...]
[INFO] Exclude: src/main/webapp/**/*.svg
[INFO] Exclude: src/main/webapp/**/*.txt
[INFO] Exclude: src/main/resources/**/sitegraph-usage.txt
[INFO] Exclude: src/main/resources/**/docs-urls.txt
[INFO] Exclude: src/etc/header.txt
[INFO] Exclude: src/main/resources/static/css/**/*.css
[INFO] Exclude: src/main/resources/static/js/**/*.js
[INFO] Exclude: src/main/resources/docs.cfg
[INFO] Exclude: src/main/webapp/fonts/**/*
[INFO] 5 resources included (use -debug for more details)
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 4 licenses.
[INFO] 
[INFO] --- maven-jar-plugin:3.1.0:jar (default-jar) @ struts2-portlet-tiles-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/portlet-tiles/target/struts2-portlet-tiles-plugin-2.6-SNAPSHOT.jar>
[INFO] 
[INFO] >>> maven-source-plugin:3.0.1:jar (attach-sources) > generate-sources @ struts2-portlet-tiles-plugin >>>
[INFO] 
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ struts2-portlet-tiles-plugin ---
[INFO] 
[INFO] <<< maven-source-plugin:3.0.1:jar (attach-sources) < generate-sources @ struts2-portlet-tiles-plugin <<<
[INFO] 
[INFO] 
[INFO] --- maven-source-plugin:3.0.1:jar (attach-sources) @ struts2-portlet-tiles-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/portlet-tiles/target/struts2-portlet-tiles-plugin-2.6-SNAPSHOT-sources.jar>
[INFO] 
[INFO] --- maven-site-plugin:3.7.1:attach-descriptor (attach-descriptor) @ struts2-portlet-tiles-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO] 
[INFO] --- dependency-check-maven:4.0.2:check (default) @ struts2-portlet-tiles-plugin ---
[INFO] Central analyzer disabled
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (12 ms)
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (0 seconds)
[INFO] Skipping CPE Analysis for npm
[INFO] Finished CPE Analyzer (0 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[WARNING] 

One or more dependencies were identified with known vulnerabilities in Struts 2 Portlet Tiles Plugin:

tiles-ognl-3.0.8.jar (cpe:/a:ognl_project:ognl:3.0.8, cpe:/a:apache:tiles:3.0.8, org.apache.tiles:tiles-ognl:3.0.8) : CVE-2016-3093


See the dependency-check report for more details.


[INFO] 
[INFO] -------------< org.apache.struts:struts2-sitegraph-plugin >-------------
[INFO] Building DEPRECATED: Struts 2 Sitegraph Plugin 2.6-SNAPSHOT      [31/36]
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] --- maven-remote-resources-plugin:1.5:process (process-resource-bundles) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ struts2-sitegraph-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.7.0:compile (default-compile) @ struts2-sitegraph-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 18 source files to <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/classes>
[INFO] <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/src/main/java/org/apache/struts2/Main.java>: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/src/main/java/org/apache/struts2/Main.java> uses unchecked or unsafe operations.
[INFO] <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/src/main/java/org/apache/struts2/Main.java>: Recompile with -Xlint:unchecked for details.
[INFO] 
[INFO] --- maven-bundle-plugin:3.5.0:manifest (bundle-manifest) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ struts2-sitegraph-plugin ---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 6 resources
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.7.0:testCompile (default-testCompile) @ struts2-sitegraph-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 1 source file to <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/test-classes>
[INFO] 
[INFO] --- maven-surefire-plugin:2.22.1:test (default-test) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] -------------------------------------------------------
[INFO]  T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.sitegraph.SiteGraphTest
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.017 s - in org.apache.struts2.sitegraph.SiteGraphTest
[INFO] 
[INFO] Results:
[INFO] 
[INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0
[INFO] 
[INFO] 
[INFO] --- apache-rat-plugin:0.12:check (default) @ struts2-sitegraph-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 61 implicit excludes (use -debug for more details).
[INFO] Exclude: Jenkinsfile
[INFO] Exclude: src/main/groovy/Jenkinsfile.gdsl
[INFO] Exclude: src/main/resources/org/apache/struts2/static/domTT.js
[INFO] Exclude: src/site/resources/tags/**/*.html
[INFO] Exclude: src/main/resources/*LICENSE.txt
[INFO] Exclude: src/test/resources/**/*.txt
[INFO] Exclude: src/main/webapp/**/*.css
[INFO] Exclude: src/main/webapp/**/*.map
[INFO] Exclude: src/main/webapp/**/*.js
[INFO] Exclude: src/main/webapp/**/*.svg
[INFO] Exclude: src/main/webapp/**/*.txt
[INFO] Exclude: src/main/resources/**/sitegraph-usage.txt
[INFO] Exclude: src/main/resources/**/docs-urls.txt
[INFO] Exclude: src/etc/header.txt
[INFO] Exclude: src/main/resources/static/css/**/*.css
[INFO] Exclude: src/main/resources/static/js/**/*.js
[INFO] Exclude: src/main/resources/docs.cfg
[INFO] Exclude: src/main/webapp/fonts/**/*
[INFO] 27 resources included (use -debug for more details)
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 26 licenses.
[INFO] 
[INFO] --- maven-jar-plugin:3.1.0:jar (default-jar) @ struts2-sitegraph-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/struts2-sitegraph-plugin-2.6-SNAPSHOT.jar>
[INFO] 
[INFO] >>> maven-source-plugin:3.0.1:jar (attach-sources) > generate-sources @ struts2-sitegraph-plugin >>>
[INFO] 
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ struts2-sitegraph-plugin ---
[INFO] 
[INFO] <<< maven-source-plugin:3.0.1:jar (attach-sources) < generate-sources @ struts2-sitegraph-plugin <<<
[INFO] 
[INFO] 
[INFO] --- maven-source-plugin:3.0.1:jar (attach-sources) @ struts2-sitegraph-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/struts2-sitegraph-plugin-2.6-SNAPSHOT-sources.jar>
[INFO] 
[INFO] --- maven-site-plugin:3.7.1:attach-descriptor (attach-descriptor) @ struts2-sitegraph-plugin ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO] 
[INFO] --- dependency-check-maven:4.0.2:check (default) @ struts2-sitegraph-plugin ---
[INFO] Central analyzer disabled
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (8 ms)
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (0 seconds)
[INFO] Skipping CPE Analysis for npm
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[WARNING] 

One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Sitegraph Plugin:

org.mortbay.jetty-5.1.4.jar (jetty:org.mortbay.jetty:5.1.4, cpe:/a:mortbay_jetty:jetty:5.1.4, cpe:/a:mortbay:jetty:5.1.4, cpe:/a:jetty:jetty:5.1.4) : CVE-2011-4461, CVE-2009-1524, CVE-2009-1523, CVE-2005-3747, CVE-2007-5615
jasper-compiler-5.5.12.jar (cpe:/a:apache:tomcat:5.5.12, cpe:/a:apache_software_foundation:tomcat:5.5.12, cpe:/a:jasper_project:jasper:5.5.12, tomcat:jasper-compiler:5.5.12) : CVE-2007-6286, CVE-2009-3548, CVE-2010-1157, CVE-2014-0096, CVE-2009-0033, CVE-2014-0099, CVE-2008-4308, CVE-2008-5519, CVE-2009-2693, CVE-2017-6056, CVE-2012-5568, CVE-2012-5887, CVE-2012-5885, CVE-2011-2526, CVE-2012-5886, CVE-2008-2370, CVE-2013-6357, CVE-2006-3835, CVE-2011-2204, CVE-2007-5342, CVE-2008-1947, CVE-2007-0450, CVE-2011-3190, CVE-2008-5515, CVE-2007-1858, CVE-2016-6325, CVE-2008-1232, CVE-2014-0119, CVE-2010-2227, CVE-2011-5063, CVE-2011-5062, CVE-2014-0075, CVE-2008-0128, CVE-2011-1184, CVE-2011-5064, CVE-2010-3718, CVE-2007-5333, CVE-2006-7195, CVE-2013-4590, CVE-2006-7196, CVE-2016-5425, CVE-2009-2901, CVE-2009-2902, CVE-2009-0783, CVE-2009-0781, CVE-2007-3385, CVE-2007-2450, CVE-2007-3382, CVE-2007-3386, CVE-2009-0580, CVE-2012-0022, CVE-2007-2449, CVE-2013-4322, CVE-2011-0013, CVE-2013-4444, CVE-2013-4286, CVE-2013-2185
jasper-runtime-5.5.12.jar (tomcat:jasper-runtime:5.5.12, cpe:/a:apache:tomcat:5.5.12, cpe:/a:apache_software_foundation:tomcat:5.5.12, cpe:/a:jasper_project:jasper:5.5.12) : CVE-2007-6286, CVE-2009-3548, CVE-2010-1157, CVE-2014-0096, CVE-2009-0033, CVE-2014-0099, CVE-2008-4308, CVE-2008-5519, CVE-2009-2693, CVE-2017-6056, CVE-2012-5568, CVE-2012-5887, CVE-2012-5885, CVE-2011-2526, CVE-2012-5886, CVE-2008-2370, CVE-2013-6357, CVE-2006-3835, CVE-2011-2204, CVE-2007-5342, CVE-2008-1947, CVE-2007-0450, CVE-2011-3190, CVE-2008-5515, CVE-2007-1858, CVE-2016-6325, CVE-2008-1232, CVE-2014-0119, CVE-2010-2227, CVE-2011-5063, CVE-2011-5062, CVE-2014-0075, CVE-2008-0128, CVE-2011-1184, CVE-2011-5064, CVE-2010-3718, CVE-2007-5333, CVE-2006-7195, CVE-2013-4590, CVE-2006-7196, CVE-2016-5425, CVE-2009-2901, CVE-2009-2902, CVE-2009-0783, CVE-2009-0781, CVE-2007-3385, CVE-2007-2450, CVE-2007-3382, CVE-2007-3386, CVE-2009-0580, CVE-2012-0022, CVE-2007-2449, CVE-2013-4322, CVE-2011-0013, CVE-2013-4444, CVE-2013-4286, CVE-2013-2185


See the dependency-check report for more details.


[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 2.6-SNAPSHOT:
[INFO] 
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [  2.855 s]
[INFO] Struts 2 ........................................... SUCCESS [03:39 min]
[INFO] Struts 2 Core ...................................... SUCCESS [01:58 min]
[INFO] Struts 2 Plugins ................................... SUCCESS [  3.006 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [  3.310 s]
[INFO] Struts 2 Sitemesh Plugin ........................... SUCCESS [  4.192 s]
[INFO] Struts 2 Tiles Plugin .............................. SUCCESS [  5.005 s]
[INFO] Struts 2 DWR Plugin ................................ SUCCESS [  3.057 s]
[INFO] Struts 2 Spring Plugin ............................. SUCCESS [  5.056 s]
[INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 12.407 s]
[INFO] Struts 2 JUnit Plugin .............................. SUCCESS [  9.122 s]
[INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 10.537 s]
[INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [  6.303 s]
[INFO] Struts 2 Async Plugin .............................. SUCCESS [  4.670 s]
[INFO] Struts 2 Webapps ................................... SUCCESS [  3.893 s]
[INFO] Struts 2 Showcase Webapp ........................... SUCCESS [01:05 min]
[INFO] Struts 2 REST Plugin ............................... SUCCESS [  8.176 s]
[INFO] Struts 2 Rest Showcase Webapp ...................... SUCCESS [  4.344 s]
[INFO] Struts 2 CDI Plugin ................................ SUCCESS [  5.965 s]
[INFO] DEPRECATED: Struts 2 Embedded JSP Plugin ........... SUCCESS [ 10.696 s]
[INFO] Struts 2 GXP Plugin ................................ SUCCESS [  3.500 s]
[INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [  8.767 s]
[INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [  4.801 s]
[INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [  6.302 s]
[INFO] Struts 2 OSGi Plugin ............................... SUCCESS [  5.412 s]
[INFO] Struts 2 OVal Plugin ............................... SUCCESS [  7.378 s]
[INFO] Struts 2 Pell Multipart Plugin ..................... SUCCESS [  2.887 s]
[INFO] Struts 2 Plexus Plugin ............................. SUCCESS [  3.112 s]
[INFO] Struts 2 Portlet Plugin ............................ SUCCESS [  9.490 s]
[INFO] Struts 2 Portlet Tiles Plugin ...................... SUCCESS [  3.347 s]
[INFO] DEPRECATED: Struts 2 Sitegraph Plugin .............. FAILURE [  8.474 s]
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 OSGi Bundles .............................. SKIPPED
[INFO] Struts 2 OSGi Admin Bundle ......................... SKIPPED
[INFO] Struts 2 OSGi Demo Bundle .......................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  09:32 min
[INFO] Finished at: 2019-02-05T10:17:37Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:4.0.2:check (default) on project struts2-sitegraph-plugin: 
[ERROR] 
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': 
[ERROR] 
[ERROR] jasper-compiler-5.5.12.jar: CVE-2009-3548, CVE-2011-3190, CVE-2016-6325, CVE-2016-5425, CVE-2013-2185
[ERROR] jasper-runtime-5.5.12.jar: CVE-2009-3548, CVE-2011-3190, CVE-2016-6325, CVE-2016-5425, CVE-2013-2185
[ERROR] 
[ERROR] See the dependency-check report for more details.
[ERROR] 
[ERROR] 
[ERROR] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR] 
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn <goals> -rf :struts2-sitegraph-plugin
Build step 'Execute shell' marked build as failure
[locks-and-latches] Releasing all the locks
[locks-and-latches] All the locks released
Setting MAVEN_3_LATEST__HOME=/home/jenkins/tools/maven/latest3/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Re: Build failed in Jenkins: Struts-master-JDK8-dependency-check #141

Posted by Lukasz Lenart <lu...@apache.org>.
Tue, 5 Feb 2019 at 11:23 Yasser Zamani <ya...@apache.org> wrote:
>
> But it works fine now when I manipulated it to use Java 8 - it has found new CVEs.

This is a different build.

> Actually I think we should drop current `Struts-master-JDK8` job and rename and manipulate current `Struts-master-JDK7` to use Java 8 because we want to keep uploading to snapshot - current `Struts-master-JDK8` isn't created for uploading, it's just for testing if Struts can be built with Java 8.

I have moved such configuration to the new build and the old one is gone.


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/



RE: Build failed in Jenkins: Struts-master-JDK8-dependency-check #141

Posted by Yasser Zamani <ya...@apache.org>.
But it works fine now when I manipulated it to use Java 8 - it has found new CVEs.

Actually I think we should drop current `Struts-master-JDK8` job and rename and manipulate current `Struts-master-JDK7` to use Java 8 because we want to keep uploading to snapshot - current `Struts-master-JDK8` isn't created for uploading, it's just for testing if Struts can be built with Java 8.

Kind Regards.

>-----Original Message-----
>From: Lukasz Lenart <lu...@apache.org>
>Sent: Tuesday, February 5, 2019 1:34 PM
>To: Struts Developers List <de...@struts.apache.org>
>Subject: Re: Build failed in Jenkins: Struts-master-JDK8-dependency-check #141
>
>I think we can drop this build as we switched to JDK8 for Struts 2.6 (it's the
>master branch). I will use an existing job to take over those responsibilities.


Re: Build failed in Jenkins: Struts-master-JDK8-dependency-check #141

Posted by Lukasz Lenart <lu...@apache.org>.
I think we can drop this build as we switched to JDK8 for Struts 2.6
(it's the master branch). I will use an existing job to take over
those responsibilities.

Tue, 5 Feb 2019 at 10:30 Apache Jenkins Server
<je...@builds.apache.org> wrote:
>
> See <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/141/display/redirect?page=changes>
>
> Changes:
>
> [github] Switch to Java 8
>
> [github] Update Jenkinsfile
>
> [github] Update .travis.yml
>
> [lukaszlenart] Adds a link to JavaDocs
>
> [yasserzamani] upgrade to ASM 7
>
> [amashchenko] WW-4991 Not existing property in listValueKey throws exception
>
> ------------------------------------------
> [...truncated 912.91 KB...]
> [INFO] Exclude: src/main/webapp/**/*.svg
> [INFO] Exclude: src/main/webapp/**/*.txt
> [INFO] Exclude: src/main/resources/**/sitegraph-usage.txt
> [INFO] Exclude: src/main/resources/**/docs-urls.txt
> [INFO] Exclude: src/etc/header.txt
> [INFO] Exclude: src/main/resources/static/css/**/*.css
> [INFO] Exclude: src/main/resources/static/js/**/*.js
> [INFO] Exclude: src/main/resources/docs.cfg
> [INFO] Exclude: src/main/webapp/fonts/**/*
> [INFO] 5 resources included (use -debug for more details)
> [INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 4 licenses.
> [INFO]
> [INFO] --- maven-jar-plugin:3.1.0:jar (default-jar) @ struts2-portlet-tiles-plugin ---
> [INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/portlet-tiles/target/struts2-portlet-tiles-plugin-2.6-SNAPSHOT.jar>
> [INFO]
> [INFO] >>> maven-source-plugin:3.0.1:jar (attach-sources) > generate-sources @ struts2-portlet-tiles-plugin >>>
> [INFO]
> [INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ struts2-portlet-tiles-plugin ---
> [INFO]
> [INFO] <<< maven-source-plugin:3.0.1:jar (attach-sources) < generate-sources @ struts2-portlet-tiles-plugin <<<
> [INFO]
> [INFO]
> [INFO] --- maven-source-plugin:3.0.1:jar (attach-sources) @ struts2-portlet-tiles-plugin ---
> [INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/portlet-tiles/target/struts2-portlet-tiles-plugin-2.6-SNAPSHOT-sources.jar>
> [INFO]
> [INFO] --- maven-site-plugin:3.7.1:attach-descriptor (attach-descriptor) @ struts2-portlet-tiles-plugin ---
> [INFO] Skipping because packaging 'jar' is not pom.
> [INFO]
> [INFO] --- dependency-check-maven:4.0.2:check (default) @ struts2-portlet-tiles-plugin ---
> [INFO] Central analyzer disabled
> [INFO] Checking for updates
> [INFO] Skipping NVD check since last check was within 4 hours.
> [INFO] Skipping RetireJS update since last update was within 24 hours.
> [INFO] Check for updates complete (7 ms)
> [INFO] Analysis Started
> [INFO] Finished Archive Analyzer (0 seconds)
> [INFO] Finished File Name Analyzer (0 seconds)
> [INFO] Finished Jar Analyzer (0 seconds)
> [INFO] Finished Dependency Merging Analyzer (0 seconds)
> [INFO] Finished Version Filter Analyzer (0 seconds)
> [INFO] Finished Hint Analyzer (0 seconds)
> [INFO] Created CPE Index (0 seconds)
> [INFO] Skipping CPE Analysis for npm
> [INFO] Finished CPE Analyzer (0 seconds)
> [INFO] Finished False Positive Analyzer (0 seconds)
> [INFO] Finished NVD CVE Analyzer (0 seconds)
> [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
> [INFO] Finished Dependency Bundling Analyzer (0 seconds)
> [INFO] Analysis Complete (1 seconds)
> [WARNING]
>
> One or more dependencies were identified with known vulnerabilities in Struts 2 Portlet Tiles Plugin:
>
> tiles-ognl-3.0.8.jar (cpe:/a:ognl_project:ognl:3.0.8, cpe:/a:apache:tiles:3.0.8, org.apache.tiles:tiles-ognl:3.0.8) : CVE-2016-3093
>
>
> See the dependency-check report for more details.
>
>
> [INFO]
> [INFO] -------------< org.apache.struts:struts2-sitegraph-plugin >-------------
> [INFO] Building DEPRECATED: Struts 2 Sitegraph Plugin 2.6-SNAPSHOT      [31/36]
> [INFO] --------------------------------[ jar ]---------------------------------
> [INFO]
> [INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ struts2-sitegraph-plugin ---
> [INFO]
> [INFO] --- maven-remote-resources-plugin:1.5:process (process-resource-bundles) @ struts2-sitegraph-plugin ---
> [INFO]
> [INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ struts2-sitegraph-plugin ---
> [INFO] Using 'UTF-8' encoding to copy filtered resources.
> [INFO] Copying 3 resources
> [INFO] Copying 3 resources
> [INFO]
> [INFO] --- maven-compiler-plugin:3.7.0:compile (default-compile) @ struts2-sitegraph-plugin ---
> [INFO] Changes detected - recompiling the module!
> [INFO] Compiling 18 source files to <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/classes>
> [INFO] <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/src/main/java/org/apache/struts2/Main.java>: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/src/main/java/org/apache/struts2/Main.java> uses unchecked or unsafe operations.
> [INFO] <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/src/main/java/org/apache/struts2/Main.java>: Recompile with -Xlint:unchecked for details.
> [INFO]
> [INFO] --- maven-bundle-plugin:3.5.0:manifest (bundle-manifest) @ struts2-sitegraph-plugin ---
> [INFO]
> [INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ struts2-sitegraph-plugin ---
> [INFO] Using 'UTF-8' encoding to copy filtered resources.
> [INFO] Copying 6 resources
> [INFO] Copying 3 resources
> [INFO]
> [INFO] --- maven-compiler-plugin:3.7.0:testCompile (default-testCompile) @ struts2-sitegraph-plugin ---
> [INFO] Changes detected - recompiling the module!
> [INFO] Compiling 1 source file to <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/test-classes>
> [INFO]
> [INFO] --- maven-surefire-plugin:2.22.1:test (default-test) @ struts2-sitegraph-plugin ---
> [INFO]
> [INFO] -------------------------------------------------------
> [INFO]  T E S T S
> [INFO] -------------------------------------------------------
> [INFO] Running org.apache.struts2.sitegraph.SiteGraphTest
> ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console...
> [INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.741 s - in org.apache.struts2.sitegraph.SiteGraphTest
> [INFO]
> [INFO] Results:
> [INFO]
> [INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0
> [INFO]
> [INFO]
> [INFO] --- apache-rat-plugin:0.12:check (default) @ struts2-sitegraph-plugin ---
> [INFO] Added 1 additional default licenses.
> [INFO] Added 1 custom approved licenses.
> [INFO] Will parse SCM ignores for exclusions...
> [INFO] Finished adding exclusions from SCM ignore files.
> [INFO] 61 implicit excludes (use -debug for more details).
> [INFO] Exclude: Jenkinsfile
> [INFO] Exclude: src/main/groovy/Jenkinsfile.gdsl
> [INFO] Exclude: src/main/resources/org/apache/struts2/static/domTT.js
> [INFO] Exclude: src/site/resources/tags/**/*.html
> [INFO] Exclude: src/main/resources/*LICENSE.txt
> [INFO] Exclude: src/test/resources/**/*.txt
> [INFO] Exclude: src/main/webapp/**/*.css
> [INFO] Exclude: src/main/webapp/**/*.map
> [INFO] Exclude: src/main/webapp/**/*.js
> [INFO] Exclude: src/main/webapp/**/*.svg
> [INFO] Exclude: src/main/webapp/**/*.txt
> [INFO] Exclude: src/main/resources/**/sitegraph-usage.txt
> [INFO] Exclude: src/main/resources/**/docs-urls.txt
> [INFO] Exclude: src/etc/header.txt
> [INFO] Exclude: src/main/resources/static/css/**/*.css
> [INFO] Exclude: src/main/resources/static/js/**/*.js
> [INFO] Exclude: src/main/resources/docs.cfg
> [INFO] Exclude: src/main/webapp/fonts/**/*
> [INFO] 27 resources included (use -debug for more details)
> [INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 26 licenses.
> [INFO]
> [INFO] --- maven-jar-plugin:3.1.0:jar (default-jar) @ struts2-sitegraph-plugin ---
> [INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/struts2-sitegraph-plugin-2.6-SNAPSHOT.jar>
> [INFO]
> [INFO] >>> maven-source-plugin:3.0.1:jar (attach-sources) > generate-sources @ struts2-sitegraph-plugin >>>
> [INFO]
> [INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ struts2-sitegraph-plugin ---
> [INFO]
> [INFO] <<< maven-source-plugin:3.0.1:jar (attach-sources) < generate-sources @ struts2-sitegraph-plugin <<<
> [INFO]
> [INFO]
> [INFO] --- maven-source-plugin:3.0.1:jar (attach-sources) @ struts2-sitegraph-plugin ---
> [INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/sitegraph/target/struts2-sitegraph-plugin-2.6-SNAPSHOT-sources.jar>
> [INFO]
> [INFO] --- maven-site-plugin:3.7.1:attach-descriptor (attach-descriptor) @ struts2-sitegraph-plugin ---
> [INFO] Skipping because packaging 'jar' is not pom.
> [INFO]
> [INFO] --- dependency-check-maven:4.0.2:check (default) @ struts2-sitegraph-plugin ---
> [INFO] Central analyzer disabled
> [INFO] Checking for updates
> [INFO] Skipping NVD check since last check was within 4 hours.
> [INFO] Skipping RetireJS update since last update was within 24 hours.
> [INFO] Check for updates complete (7 ms)
> [INFO] Analysis Started
> [INFO] Finished Archive Analyzer (0 seconds)
> [INFO] Finished File Name Analyzer (0 seconds)
> [INFO] Finished Jar Analyzer (0 seconds)
> [INFO] Finished Dependency Merging Analyzer (0 seconds)
> [INFO] Finished Version Filter Analyzer (0 seconds)
> [INFO] Finished Hint Analyzer (0 seconds)
> [INFO] Created CPE Index (0 seconds)
> [INFO] Skipping CPE Analysis for npm
> [INFO] Finished CPE Analyzer (0 seconds)
> [INFO] Finished False Positive Analyzer (0 seconds)
> [INFO] Finished NVD CVE Analyzer (0 seconds)
> [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
> [INFO] Finished Dependency Bundling Analyzer (0 seconds)
> [INFO] Analysis Complete (1 seconds)
> [WARNING]
>
> One or more dependencies were identified with known vulnerabilities in DEPRECATED: Struts 2 Sitegraph Plugin:
>
> org.mortbay.jetty-5.1.4.jar (jetty:org.mortbay.jetty:5.1.4, cpe:/a:mortbay_jetty:jetty:5.1.4, cpe:/a:mortbay:jetty:5.1.4, cpe:/a:jetty:jetty:5.1.4) : CVE-2011-4461, CVE-2009-1524, CVE-2009-1523, CVE-2005-3747, CVE-2007-5615
> jasper-compiler-5.5.12.jar (cpe:/a:apache:tomcat:5.5.12, cpe:/a:apache_software_foundation:tomcat:5.5.12, cpe:/a:jasper_project:jasper:5.5.12, tomcat:jasper-compiler:5.5.12) : CVE-2007-6286, CVE-2009-3548, CVE-2010-1157, CVE-2014-0096, CVE-2009-0033, CVE-2014-0099, CVE-2008-4308, CVE-2008-5519, CVE-2009-2693, CVE-2017-6056, CVE-2012-5568, CVE-2012-5887, CVE-2012-5885, CVE-2011-2526, CVE-2012-5886, CVE-2008-2370, CVE-2013-6357, CVE-2006-3835, CVE-2011-2204, CVE-2007-5342, CVE-2008-1947, CVE-2007-0450, CVE-2011-3190, CVE-2008-5515, CVE-2007-1858, CVE-2016-6325, CVE-2008-1232, CVE-2014-0119, CVE-2010-2227, CVE-2011-5063, CVE-2011-5062, CVE-2014-0075, CVE-2008-0128, CVE-2011-1184, CVE-2011-5064, CVE-2010-3718, CVE-2007-5333, CVE-2006-7195, CVE-2013-4590, CVE-2006-7196, CVE-2016-5425, CVE-2009-2901, CVE-2009-2902, CVE-2009-0783, CVE-2009-0781, CVE-2007-3385, CVE-2007-2450, CVE-2007-3382, CVE-2007-3386, CVE-2009-0580, CVE-2012-0022, CVE-2007-2449, CVE-2013-4322, CVE-2011-0013, CVE-2013-4444, CVE-2013-4286, CVE-2013-2185
> jasper-runtime-5.5.12.jar (tomcat:jasper-runtime:5.5.12, cpe:/a:apache:tomcat:5.5.12, cpe:/a:apache_software_foundation:tomcat:5.5.12, cpe:/a:jasper_project:jasper:5.5.12) : CVE-2007-6286, CVE-2009-3548, CVE-2010-1157, CVE-2014-0096, CVE-2009-0033, CVE-2014-0099, CVE-2008-4308, CVE-2008-5519, CVE-2009-2693, CVE-2017-6056, CVE-2012-5568, CVE-2012-5887, CVE-2012-5885, CVE-2011-2526, CVE-2012-5886, CVE-2008-2370, CVE-2013-6357, CVE-2006-3835, CVE-2011-2204, CVE-2007-5342, CVE-2008-1947, CVE-2007-0450, CVE-2011-3190, CVE-2008-5515, CVE-2007-1858, CVE-2016-6325, CVE-2008-1232, CVE-2014-0119, CVE-2010-2227, CVE-2011-5063, CVE-2011-5062, CVE-2014-0075, CVE-2008-0128, CVE-2011-1184, CVE-2011-5064, CVE-2010-3718, CVE-2007-5333, CVE-2006-7195, CVE-2013-4590, CVE-2006-7196, CVE-2016-5425, CVE-2009-2901, CVE-2009-2902, CVE-2009-0783, CVE-2009-0781, CVE-2007-3385, CVE-2007-2450, CVE-2007-3382, CVE-2007-3386, CVE-2009-0580, CVE-2012-0022, CVE-2007-2449, CVE-2013-4322, CVE-2011-0013, CVE-2013-4444, CVE-2013-4286, CVE-2013-2185
>
>
> See the dependency-check report for more details.
>
>
> [INFO] ------------------------------------------------------------------------
> [INFO] Reactor Summary for Struts 2 2.6-SNAPSHOT:
> [INFO]
> [INFO] Struts 2 Bill of Materials ......................... SUCCESS [  1.311 s]
> [INFO] Struts 2 ........................................... SUCCESS [03:30 min]
> [INFO] Struts 2 Core ...................................... SUCCESS [01:29 min]
> [INFO] Struts 2 Plugins ................................... SUCCESS [  2.307 s]
> [INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [  2.663 s]
> [INFO] Struts 2 Sitemesh Plugin ........................... SUCCESS [  3.123 s]
> [INFO] Struts 2 Tiles Plugin .............................. SUCCESS [  4.475 s]
> [INFO] Struts 2 DWR Plugin ................................ SUCCESS [  2.623 s]
> [INFO] Struts 2 Spring Plugin ............................. SUCCESS [  4.578 s]
> [INFO] Struts 2 Convention Plugin ......................... SUCCESS [  9.642 s]
> [INFO] Struts 2 JUnit Plugin .............................. SUCCESS [  7.375 s]
> [INFO] Struts 2 JSON Plugin ............................... SUCCESS [  8.108 s]
> [INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [  4.799 s]
> [INFO] Struts 2 Async Plugin .............................. SUCCESS [  3.717 s]
> [INFO] Struts 2 Webapps ................................... SUCCESS [  2.952 s]
> [INFO] Struts 2 Showcase Webapp ........................... SUCCESS [ 50.391 s]
> [INFO] Struts 2 REST Plugin ............................... SUCCESS [  5.658 s]
> [INFO] Struts 2 Rest Showcase Webapp ...................... SUCCESS [  3.064 s]
> [INFO] Struts 2 CDI Plugin ................................ SUCCESS [  4.243 s]
> [INFO] DEPRECATED: Struts 2 Embedded JSP Plugin ........... SUCCESS [  8.846 s]
> [INFO] Struts 2 GXP Plugin ................................ SUCCESS [  2.715 s]
> [INFO] Struts 2 Jasper Reports Plugin ..................... SUCCESS [  6.386 s]
> [INFO] Struts 2 Java Templates Plugin ..................... SUCCESS [  3.843 s]
> [INFO] Struts 2 JFreeChart Plugin ......................... SUCCESS [  5.191 s]
> [INFO] Struts 2 OSGi Plugin ............................... SUCCESS [  4.481 s]
> [INFO] Struts 2 OVal Plugin ............................... SUCCESS [  5.519 s]
> [INFO] Struts 2 Pell Multipart Plugin ..................... SUCCESS [  3.345 s]
> [INFO] Struts 2 Plexus Plugin ............................. SUCCESS [  2.621 s]
> [INFO] Struts 2 Portlet Plugin ............................ SUCCESS [  7.886 s]
> [INFO] Struts 2 Portlet Tiles Plugin ...................... SUCCESS [  2.891 s]
> [INFO] DEPRECATED: Struts 2 Sitegraph Plugin .............. FAILURE [  6.757 s]
> [INFO] Struts 2 TestNG Plugin ............................. SKIPPED
> [INFO] Struts 2 OSGi Bundles .............................. SKIPPED
> [INFO] Struts 2 OSGi Admin Bundle ......................... SKIPPED
> [INFO] Struts 2 OSGi Demo Bundle .......................... SKIPPED
> [INFO] Struts 2 Assembly .................................. SKIPPED
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD FAILURE
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time:  08:03 min
> [INFO] Finished at: 2019-02-05T09:30:18Z
> [INFO] ------------------------------------------------------------------------
> [ERROR] Failed to execute goal org.owasp:dependency-check-maven:4.0.2:check (default) on project struts2-sitegraph-plugin:
> [ERROR]
> [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
> [ERROR]
> [ERROR] jasper-compiler-5.5.12.jar: CVE-2009-3548, CVE-2011-3190, CVE-2016-6325, CVE-2016-5425, CVE-2013-2185
> [ERROR] jasper-runtime-5.5.12.jar: CVE-2009-3548, CVE-2011-3190, CVE-2016-6325, CVE-2016-5425, CVE-2013-2185
> [ERROR]
> [ERROR] See the dependency-check report for more details.
> [ERROR]
> [ERROR]
> [ERROR] -> [Help 1]
> [ERROR]
> [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
> [ERROR] Re-run Maven using the -X switch to enable full debug logging.
> [ERROR]
> [ERROR] For more information about the errors and possible solutions, please read the following articles:
> [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
> [ERROR]
> [ERROR] After correcting the problems, you can resume the build with the command
> [ERROR]   mvn <goals> -rf :struts2-sitegraph-plugin
> Build step 'Execute shell' marked build as failure
> [locks-and-latches] Releasing all the locks
> [locks-and-latches] All the locks released
> Setting MAVEN_3_LATEST__HOME=/home/jenkins/tools/maven/latest3/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org