Posted to issues@calcite.apache.org by "Stamatis Zampetakis (Jira)" <ji...@apache.org> on 2019/09/02 07:50:00 UTC

[jira] [Resolved] (CALCITE-3314) CVSS dependency-check-maven fails for calcite-pig, calcite-piglet, calcite-spark

     [ https://issues.apache.org/jira/browse/CALCITE-3314?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stamatis Zampetakis resolved CALCITE-3314.
------------------------------------------
    Resolution: Fixed

Fixed in [c9520c35899fe5ac363053e9fb9b292989b1176c|https://github.com/apache/calcite/commit/c9520c35899fe5ac363053e9fb9b292989b1176c]!

> CVSS dependency-check-maven fails for calcite-pig, calcite-piglet, calcite-spark
> --------------------------------------------------------------------------------
>
>                 Key: CALCITE-3314
>                 URL: https://issues.apache.org/jira/browse/CALCITE-3314
>             Project: Calcite
>          Issue Type: Bug
>            Reporter: Stamatis Zampetakis
>            Assignee: Stamatis Zampetakis
>            Priority: Blocker
>              Labels: pull-request-available
>             Fix For: 1.21.0
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> Calcite build fails if the CVSS dependency check is active since there are serious vulnerabilities in calcite-pig, calcite-piglet, calcite-spark.
> Running mvn install -Ppedantic -fn gives the following errors:
> {noformat}
> ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.2.1:check (default) on project calcite-pig: 
> [ERROR] 
> [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '8.0': 
> [ERROR] 
> [ERROR] jetty-6.1.26.jar: CVE-2017-7658, CVE-2017-7657
> [ERROR] groovy-all-1.8.6.jar: CVE-2015-3253, CVE-2016-6814
> [ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.2.1:check (default) on project calcite-piglet: 
> [ERROR] 
> [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '8.0': 
> [ERROR] 
> [ERROR] jetty-6.1.26.jar: CVE-2017-7658, CVE-2017-7657
> [ERROR] jackson-core-asl-1.8.8.jar: CVE-2017-17485, CVE-2017-7525, CVE-2017-15095
> [ERROR] groovy-all-1.8.6.jar: CVE-2015-3253, CVE-2016-6814
> [ERROR] jackson-xc-1.8.3.jar: CVE-2017-17485, CVE-2017-7525, CVE-2017-15095
> [ERROR] hadoop-auth-2.7.5.jar: CVE-2018-8029, CVE-2018-11766, CVE-2018-8009
> [ERROR] api-util-1.0.0-M20.jar: CVE-2018-1337
> [ERROR] zookeeper-3.4.6.jar: CVE-2016-5017
> [ERROR] htrace-core-3.1.0-incubating.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml: CVE-2017-17485, CVE-2018-5968, CVE-2017-15095, CVE-2019-14379, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2017-7525, CVE-2018-11307, CVE-2018-14718, CVE-2018-7489, CVE-2018-14719, CVE-2018-14721, CVE-2018-14720
> [ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.2.1:check (default) on project calcite-spark: 
> [ERROR] 
> [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '8.0': 
> [ERROR] 
> [ERROR] spark-core_2.10-2.2.0.jar: CVE-2018-17190
> [ERROR] api-util-1.0.0-M20.jar: CVE-2018-1337
> [ERROR] hadoop-mapreduce-client-core-2.7.5.jar: CVE-2018-8029, CVE-2018-11766, CVE-2018-8009
> [ERROR] bcprov-jdk15on-1.51.jar: CVE-2018-1000613
> [ERROR] zookeeper-3.4.6.jar: CVE-2016-5017
> [ERROR] unused-1.0.0.jar: CVE-2018-17190
> [ERROR] htrace-core-3.1.0-incubating.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml: CVE-2017-17485, CVE-2018-5968, CVE-2017-15095, CVE-2019-14379, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2017-7525, CVE-2018-11307, CVE-2018-14718, CVE-2018-7489, CVE-2018-14719, CVE-2018-14721, CVE-2018-14720
> [ERROR] spark-core_2.10-2.2.0.jar/META-INF/maven/org.eclipse.jetty/jetty-plus/pom.xml: CVE-2017-7658, CVE-2017-7657
> {noformat}
>  


