Mike Yoder commented on HADOOP-13732:

I'd have to make a dependency-check specific note in BUILDING.txt, which seems 
a little awkward. (The normal build isn't affected, of course.) I'll see what I 
can do. My only alternative idea is a comment around this plugin in pom.xml. I 
do agree it needs to be documented somewhere.

* I don't even think that maven is _available_ on RHEL 6.6
* My RHEL 7.2 machine looks like it would use version 3.0.5-16
* My Ubuntu 16.04 machine is using 3.3.9
* Looks like Ubuntu 14.04 uses 3.0.5-1

The maven release history page is at https://maven.apache.org/docs/history.html

> Upgrade OWASP dependency-check plugin version
> ---------------------------------------------
>                 Key: HADOOP-13732
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13732
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Mike Yoder
>            Assignee: Mike Yoder
>            Priority: Minor
>         Attachments: HADOOP-13732.001.patch
> For reasons I don't fully understand, the current version (1.3.6) of the 
> OWASP dependency-check plugin produces an essentially empty report on trunk 
> (3.0.0).  After some research, it appears that this plugin has undergone 
> significant work in the latest version, 1.4.3. Upgrading to this version 
> produces the expected full report.
> The only gotcha is that a new-ish version of maven is required. I'm using 
> 3.2.2; I know that 3.0.x fails with a strange error.
> This plugin was introduced in HADOOP-13198.
