[ https://issues.apache.org/jira/browse/HADOOP-13732?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15586420#comment-15586420 ]
Mike Yoder commented on HADOOP-13732: ------------------------------------- I'd have to make a dependency-check specific note in BUILDING.txt, which seems a little awkard. (The normal build isn't affected, of course.) I'll see what I can do. My only alternative idea is a comment around this plugin in pom.xml. I do agree it needs to be documented somewhere. * I don't even think that maven is _available_ on RHEL 6.6 * My RHEL 7.2 machine looks like it would use version 3.0.5-16 * My Ubuntu 16.04 machine is using 3.3.9 * Looks like Ubuntu 14.04 uses 3.0.5-1 The maven release history page is at https://maven.apache.org/docs/history.html > Upgrade OWASP dependency-check plugin version > --------------------------------------------- > > Key: HADOOP-13732 > URL: https://issues.apache.org/jira/browse/HADOOP-13732 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Reporter: Mike Yoder > Assignee: Mike Yoder > Priority: Minor > Attachments: HADOOP-13732.001.patch > > > For reasons I don't fully understand, the current version (1.3.6) of the > OWASP dependency-check plugin produces an essentially empty report on trunk > (3.0.0). After some research, it appears that this plugin has undergone > significant work in the latest version, 1.4.3. Upgrading to this version > produces the expected full report. > The only gotcha is that a new-ish version of maven is required. I'm using > 3.2.2; I know that 3.0.x fails with a strange error. > This plugin was introduced in HADOOP-13198. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org