Posted to dev@any23.apache.org by "dataminer.accolade (Jira)" <ji...@apache.org> on 2022/10/02 20:43:00 UTC

[jira] [Updated] (ANY23-608) Any23 cannot be built due to security vulnerabilities.

     [ https://issues.apache.org/jira/browse/ANY23-608?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

dataminer.accolade updated ANY23-608:
-------------------------------------
    Description: 
I have tried to build from the following Dockerfile:
{code:java}
FROM maven:3-jdk-11 AS build

ARG ANY23_VERSION_ARG
ENV ANY23_VERSION=${ANY23_VERSION_ARG:-2.7}
ENV ARCHIV_NAME="tmp-archiv.tar.gz"
RUN mkdir -p ~/.m2/

RUN echo "<settings><mirrors><mirror><id>maven-central</id><mirrorOf>*</mirrorOf><url>https://repo.maven.apache.org/maven2</url><blocked>false</blocked></mirror></mirrors></settings>" > ~/.m2/settings.xml

WORKDIR /any23
RUN curl -L --output "$ARCHIV_NAME" "https://api.github.com/repos/apache/any23/tarball/refs/tags/any23-$ANY23_VERSION"
RUN tar xf "$ARCHIV_NAME" --strip-components=1
RUN rm "$ARCHIV_NAME"
RUN mvn clean install -Dmaven.test.skip=true -Dmaven.javadoc.skip=true
{code}
I had to exclude the following packages with (-Dossindex.excludeCoordinates) to complete the build process:

com.drewnoakes:metadata-extractor:2.16.0
com.fasterxml.jackson.core:jackson-databind:2.11.4
com.google.guava:guava:30.1.1-jre
org.apache.poi:poi-scratchpad:5.2.0
org.apache.tika:tika-core:2.3.0
org.apache.tika:tika-parser-image-module:2.3.0
org.jsoup:jsoup:1.14.3
org.yaml:snakeyaml:1.30
xerces:xercesImpl:2.12.2

  was:
I have tried to build from the following Dockerfile:
{code:java}
FROM maven:3-jdk-11 AS buildARG ANY23_VERSION_ARG

ENV ANY23_VERSION=${ANY23_VERSION_ARG:-2.7}
ENV ARCHIV_NAME="tmp-archiv.tar.gz"
RUN mkdir -p ~/.m2/

RUN echo "<settings><mirrors><mirror><id>maven-central</id><mirrorOf>*</mirrorOf><url>https://repo.maven.apache.org/maven2</url><blocked>false</blocked></mirror></mirrors></settings>" > ~/.m2/settings.xml

WORKDIR /any23
RUN curl -L --output "$ARCHIV_NAME" "https://api.github.com/repos/apache/any23/tarball/refs/tags/any23-$ANY23_VERSION"
RUN tar xf "$ARCHIV_NAME" --strip-components=1
RUN rm "$ARCHIV_NAME"
RUN mvn clean install -Dmaven.test.skip=true -Dmaven.javadoc.skip=true
{code}
I had to exclude the following packages with (-Dossindex.excludeCoordinates) to complete the build process:

com.drewnoakes:metadata-extractor:2.16.0
com.fasterxml.jackson.core:jackson-databind:2.11.4
com.google.guava:guava:30.1.1-jre
org.apache.poi:poi-scratchpad:5.2.0
org.apache.tika:tika-core:2.3.0
org.apache.tika:tika-parser-image-module:2.3.0
org.jsoup:jsoup:1.14.3
org.yaml:snakeyaml:1.30
xerces:xercesImpl:2.12.2


> Any23 cannot be built due to security vulnerabilities.
> ------------------------------------------------------
>
>                 Key: ANY23-608
>                 URL: https://issues.apache.org/jira/browse/ANY23-608
>             Project: Apache Any23
>          Issue Type: Improvement
>    Affects Versions: 2.7
>            Reporter: dataminer.accolade
>            Priority: Major
>
> I have tried to build from the following Dockerfile:
> {code:java}
> FROM maven:3-jdk-11 AS build
> ARG ANY23_VERSION_ARG
> ENV ANY23_VERSION=${ANY23_VERSION_ARG:-2.7}
> ENV ARCHIV_NAME="tmp-archiv.tar.gz"
> RUN mkdir -p ~/.m2/
> RUN echo "<settings><mirrors><mirror><id>maven-central</id><mirrorOf>*</mirrorOf><url>https://repo.maven.apache.org/maven2</url><blocked>false</blocked></mirror></mirrors></settings>" > ~/.m2/settings.xml
> WORKDIR /any23
> RUN curl -L --output "$ARCHIV_NAME" "https://api.github.com/repos/apache/any23/tarball/refs/tags/any23-$ANY23_VERSION"
> RUN tar xf "$ARCHIV_NAME" --strip-components=1
> RUN rm "$ARCHIV_NAME"
> RUN mvn clean install -Dmaven.test.skip=true -Dmaven.javadoc.skip=true
> {code}
> I had to exclude the following packages with (-Dossindex.excludeCoordinates) to complete the build process:
> com.drewnoakes:metadata-extractor:2.16.0
> com.fasterxml.jackson.core:jackson-databind:2.11.4
> com.google.guava:guava:30.1.1-jre
> org.apache.poi:poi-scratchpad:5.2.0
> org.apache.tika:tika-core:2.3.0
> org.apache.tika:tika-parser-image-module:2.3.0
> org.jsoup:jsoup:1.14.3
> org.yaml:snakeyaml:1.30
> xerces:xercesImpl:2.12.2



--
This message was sent by Atlassian Jira
(v8.20.10#820010)