See <https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/137/display/redirect>
Changes: ------------------------------------------ [...truncated 1.65 MB...] [dependency-check] Download Complete for NVD CVE - 2008 (694 ms) [dependency-check] Processing Started for NVD CVE - 2008 [dependency-check] Processing Complete for NVD CVE - 2007 (6084 ms) [dependency-check] Download Started for NVD CVE - 2009 [dependency-check] Download Complete for NVD CVE - 2009 (690 ms) [dependency-check] Processing Started for NVD CVE - 2009 [dependency-check] Processing Complete for NVD CVE - 2008 (8145 ms) [dependency-check] Download Started for NVD CVE - 2010 [dependency-check] Download Complete for NVD CVE - 2010 (701 ms) [dependency-check] Processing Started for NVD CVE - 2010 [dependency-check] Processing Complete for NVD CVE - 2009 (8536 ms) [dependency-check] Download Started for NVD CVE - 2011 [dependency-check] Download Complete for NVD CVE - 2011 (692 ms) [dependency-check] Processing Started for NVD CVE - 2011 [dependency-check] Download Started for NVD CVE - 2012 [dependency-check] Download Complete for NVD CVE - 2012 (677 ms) [dependency-check] Processing Started for NVD CVE - 2012 [dependency-check] Processing Complete for NVD CVE - 2010 (9935 ms) [dependency-check] Download Started for NVD CVE - 2013 [dependency-check] Download Complete for NVD CVE - 2013 (697 ms) [dependency-check] Processing Started for NVD CVE - 2013 [dependency-check] Processing Complete for NVD CVE - 2011 (11115 ms) [dependency-check] Download Started for NVD CVE - 2014 [dependency-check] Download Complete for NVD CVE - 2014 (705 ms) [dependency-check] Processing Started for NVD CVE - 2014 [dependency-check] Download Started for NVD CVE - 2015 [dependency-check] Processing Complete for NVD CVE - 2012 (13664 ms) [dependency-check] Download Complete for NVD CVE - 2015 (701 ms) [dependency-check] Processing Started for NVD CVE - 2015 [dependency-check] Download Started for NVD CVE - 2016 [dependency-check] Processing Complete for NVD CVE - 2013 (13794 ms) [dependency-check] Download Complete for NVD CVE - 2016 (710 ms) [dependency-check] Processing Started for NVD CVE - 2016 [dependency-check] Processing Complete for NVD CVE - 2014 (10818 ms) [dependency-check] Processing Complete for NVD CVE - 2015 (8273 ms) [dependency-check] Download Started for NVD CVE - 2017 [dependency-check] Download Complete for NVD CVE - 2017 (767 ms) [dependency-check] Processing Started for NVD CVE - 2017 [dependency-check] Download Started for NVD CVE - 2018 [dependency-check] Download Complete for NVD CVE - 2018 (782 ms) [dependency-check] Processing Started for NVD CVE - 2018 [dependency-check] Processing Complete for NVD CVE - 2016 (10135 ms) [dependency-check] Download Started for NVD CVE - 2019 [dependency-check] Download Complete for NVD CVE - 2019 (757 ms) [dependency-check] Processing Started for NVD CVE - 2019 [dependency-check] Download Started for NVD CVE - 2020 [dependency-check] Download Complete for NVD CVE - 2020 (774 ms) [dependency-check] Processing Started for NVD CVE - 2020 [dependency-check] Processing Complete for NVD CVE - 2017 (15155 ms) [dependency-check] Download Started for NVD CVE - 2021 [dependency-check] Download Complete for NVD CVE - 2021 (813 ms) [dependency-check] Processing Started for NVD CVE - 2021 [dependency-check] Processing Complete for NVD CVE - 2018 (14616 ms) [dependency-check] Download Started for NVD CVE - 2022 [dependency-check] Download Complete for NVD CVE - 2022 (806 ms) [dependency-check] Processing Started for NVD CVE - 2022 [dependency-check] Processing Complete for NVD CVE - 2019 (15095 ms) [dependency-check] Processing Complete for NVD CVE - 2020 (12844 ms) [dependency-check] Download Started for NVD CVE - 2023 [dependency-check] Download Complete for NVD CVE - 2023 (769 ms) [dependency-check] Processing Started for NVD CVE - 2023 [dependency-check] Processing Complete for NVD CVE - 2021 (15215 ms) [dependency-check] Processing Complete for NVD CVE - 2022 (15501 ms) [dependency-check] Processing Complete for NVD CVE - 2023 (11839 ms) [dependency-check] Download Started for NVD CVE - Modified [dependency-check] Download Complete for NVD CVE - Modified (612 ms) [dependency-check] Processing Started for NVD CVE - Modified [dependency-check] Processing Complete for NVD CVE - Modified (3356 ms) [dependency-check] Begin database maintenance [dependency-check] Updated the CPE ecosystem on 136591 NVD records [dependency-check] Removed the CPE ecosystem on 3906 NVD records [dependency-check] Cleaned up 2 orphaned NVD records [dependency-check] End database maintenance (17146 ms) [dependency-check] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json [dependency-check] Begin database defrag [dependency-check] End database defrag (32242 ms) [dependency-check] Check for updates complete (174777 ms) [dependency-check] [dependency-check] [dependency-check] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user?s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. [dependency-check] [dependency-check] [dependency-check] About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html [dependency-check] False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html [dependency-check] [dependency-check] ? Sponsor: https://github.com/sponsors/jeremylong [dependency-check] Analysis Started [dependency-check] Finished Archive Analyzer (10 seconds) [dependency-check] Finished File Name Analyzer (0 seconds) [dependency-check] Finished Jar Analyzer (2 seconds) [dependency-check] Finished Central Analyzer (111 seconds) [dependency-check] Finished Dependency Merging Analyzer (0 seconds) [dependency-check] Finished Hint Analyzer (0 seconds) [dependency-check] Finished Version Filter Analyzer (0 seconds) [dependency-check] Created CPE Index (18 seconds) [dependency-check] Finished CPE Analyzer (37 seconds) [dependency-check] Finished False Positive Analyzer (0 seconds) [dependency-check] Finished NVD CVE Analyzer (1 seconds) [dependency-check] Finished RetireJS Analyzer (3 seconds) [dependency-check] Finished Sonatype OSS Index Analyzer (25 seconds) [dependency-check] Finished Vulnerability Suppression Analyzer (0 seconds) [dependency-check] Finished Known Exploited Vulnerability Analyzer (0 seconds) [dependency-check] Finished Dependency Bundling Analyzer (2 seconds) [dependency-check] Finished Unused Suppression Rule Analyzer (0 seconds) [dependency-check] Analysis Complete (205 seconds) [dependency-check] Writing report to: <https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/ws/ivy/dependency-check-ant/dependency-check-report.xml> [dependency-check] Writing report to: <https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/ws/ivy/dependency-check-ant/dependency-check-report.html> [dependency-check] Writing report to: <https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/ws/ivy/dependency-check-ant/dependency-check-report.json> [dependency-check] Writing report to: <https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/ws/ivy/dependency-check-ant/dependency-check-report.csv> [dependency-check] Writing report to: <https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/ws/ivy/dependency-check-ant/dependency-check-report.sarif> [dependency-check] Writing report to: <https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/ws/ivy/dependency-check-ant/dependency-check-jenkins.html> [dependency-check] Writing report to: <https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/ws/ivy/dependency-check-ant/dependency-check-junit.xml> [dependency-check] Element event queue destroyed: {0} [dependency-check] In DISPOSE, [{0}] fromRemote [{1}] [dependency-check] In DISPOSE, [{0}] auxiliary [{1}] [dependency-check] In DISPOSE, [{0}] put {1} into auxiliary [{2}] [dependency-check] In dispose, destroying event queue. [dependency-check] Cache event queue destroyed: {0} [dependency-check] {0}: Saving keys to: {1}, key count: {2} [dependency-check] {0}: Finished saving keys. [dependency-check] {0}: Shutdown complete. [dependency-check] In DISPOSE, [{0}] disposing of memory cache. [dependency-check] Memory Cache dispose called. [dependency-check] In DISPOSE, [{0}] fromRemote [{1}] [dependency-check] In DISPOSE, [{0}] auxiliary [{1}] [dependency-check] In DISPOSE, [{0}] put {1} into auxiliary [{2}] [dependency-check] In dispose, destroying event queue. [dependency-check] Cache event queue destroyed: {0} [dependency-check] {0}: Saving keys to: {1}, key count: {2} [dependency-check] {0}: Finished saving keys. [dependency-check] {0}: Shutdown complete. [dependency-check] In DISPOSE, [{0}] disposing of memory cache. [dependency-check] Memory Cache dispose called. [dependency-check] In DISPOSE, [{0}] fromRemote [{1}] [dependency-check] In DISPOSE, [{0}] auxiliary [{1}] [dependency-check] In DISPOSE, [{0}] put {1} into auxiliary [{2}] [dependency-check] In dispose, destroying event queue. [dependency-check] Cache event queue destroyed: {0} [dependency-check] {0}: Saving keys to: {1}, key count: {2} [dependency-check] {0}: Finished saving keys. [dependency-check] {0}: Shutdown complete. [dependency-check] In DISPOSE, [{0}] disposing of memory cache. [dependency-check] Memory Cache dispose called. [dependency-check] In dispose, destroying event queue. [dependency-check] {0}: Not alive and dispose was called, filename: {1} [dependency-check] In dispose, destroying event queue. [dependency-check] {0}: Not alive and dispose was called, filename: {1} [dependency-check] In dispose, destroying event queue. [dependency-check] {0}: Not alive and dispose was called, filename: {1} BUILD FAILED <https://ci-builds.apache.org/job/Nutch/job/Nutch-trunk/ws/build.xml>:651: Dependency-Check Failure: One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '1.0': aggs-matrix-stats-client-7.13.2.jar: CVE-2021-22144, CVE-2021-22145, CVE-2021-22147 amqp-client-5.2.0.jar: CVE-2018-11087, CVE-2023-46120 avro-1.7.7.jar: CVE-2023-39410 aws-java-sdk-core-1.10.0.jar: CVE-2022-31159 commons-compress-1.23.0.jar: CVE-2023-42503 commons-httpclient-3.1.jar: CVE-2020-13956, CVE-2012-5783 commons-net-1.2.2.jar: CVE-2021-37533 commons-net-3.8.0.jar: CVE-2021-37533 connect-api-1.1.0.jar: CVE-2018-17196 cxf-core-3.5.3.jar: CVE-2022-46363, CVE-2022-46364 elasticsearch-7.13.2.jar: CVE-2021-22144, CVE-2021-22145, CVE-2021-22147, CVE-2023-31419, CVE-2023-31418 elasticsearch-core-7.13.2.jar: CVE-2021-22144, CVE-2021-22145, CVE-2021-22147 gson-2.8.4.jar: CVE-2022-25647 guava-31.1-jre.jar: CVE-2020-8908, CVE-2023-2976 hadoop-shaded-guava-1.1.1.jar/META-INF/maven/com.google.guava/guava/pom.xml: CVE-2020-8908, CVE-2023-2976 hadoop-shaded-protobuf_3_7-1.1.1.jar/META-INF/maven/com.google.protobuf/protobuf-java/pom.xml: CVE-2022-3171, CVE-2022-3509, CVE-2021-22569 hadoop-yarn-common-3.3.6.jar: jquery.dataTables.min.js: possible XSS, CVE-2021-23445, CVE-2020-28458, prototype pollution htmlunit-core-js-2.67.0.jar: CVE-2023-26119, CVE-2023-2798 htmlunit-cssparser-1.12.0.jar: CVE-2023-26119, CVE-2020-5529, CVE-2023-2798, CVE-2022-28366, CVE-2022-29546 htmlunit-driver-4.7.0.jar: CVE-2023-5590 http2-client-9.4.44.v20210927.jar: CVE-2023-44487, CVE-2022-2047, CVE-2023-26048, CVE-2023-36478, CVE-2022-2048, CVE-2023-26049, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900 http2-hpack-9.4.44.v20210927.jar: CVE-2023-36478 httpclient-4.3.6.jar: CVE-2020-13956 httpclient-4.5.10.jar: CVE-2020-13956 indexer-opensearch-1x.jar: CVE-2021-23901 jackson-annotations-2.5.0.jar: CVE-2018-1000873 jackson-annotations-2.9.0.jar: CVE-2018-1000873 jackson-core-2.5.3.jar: CVE-2018-1000873 jackson-core-2.9.4.jar: CVE-2018-1000873 jackson-databind-2.15.2.jar: CVE-2023-35116 jackson-databind-2.5.3.jar: CVE-2017-17485, CVE-2020-9547, CVE-2018-12022, CVE-2018-5968, CVE-2020-9548, CVE-2019-14379, CVE-2020-36180, CVE-2020-24616, CVE-2020-36182, CVE-2019-14439, CVE-2020-36181, CVE-2020-35491, CVE-2020-36184, CVE-2020-35490, CVE-2020-36183, CVE-2019-12814, CVE-2019-20330, CVE-2020-24750, CVE-2020-10673, CVE-2018-11307, CVE-2018-14718, CVE-2018-1000873, CVE-2018-7489, CVE-2018-14719, CVE-2020-36186, CVE-2019-17531, CVE-2020-36185, CVE-2020-36188, CVE-2020-36187, CVE-2020-10650, CVE-2020-36189, CVE-2019-12086, CVE-2019-14540, CVE-2019-12384, CVE-2023-35116, CVE-2017-15095, CVE-2019-16942, CVE-2019-16943, CVE-2021-20190, CVE-2017-7525, CVE-2020-36518, CVE-2019-17267, CVE-2019-16335, CVE-2020-36179, CVE-2020-8840, CVE-2019-14892, CVE-2022-42003, CVE-2022-42004 jackson-databind-2.9.4.jar: CVE-2020-24616, CVE-2019-14439, CVE-2020-10969, CVE-2020-11619, CVE-2019-12814, CVE-2020-10968, CVE-2020-11620, CVE-2018-11307, CVE-2018-1000873, CVE-2020-10650, CVE-2019-12384, CVE-2020-14060, CVE-2023-35116, CVE-2020-14061, CVE-2020-14062, CVE-2019-16942, CVE-2019-16943, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2020-11113, CVE-2020-36518, CVE-2020-11112, CVE-2019-14893, CVE-2020-11111, CVE-2020-8840, CVE-2019-14892, CVE-2022-42003, CVE-2022-42004, CVE-2020-9547, CVE-2018-12022, CVE-2020-9548, CVE-2018-12023, CVE-2019-14379, CVE-2020-36180, CVE-2020-14195, CVE-2020-36182, CVE-2020-36181, CVE-2020-25649, CVE-2020-35491, CVE-2020-36184, CVE-2020-35490, CVE-2020-36183, CVE-2020-35728, CVE-2019-20330, CVE-2020-24750, CVE-2020-10673, CVE-2018-14718, CVE-2018-7489, CVE-2018-14719, CVE-2020-36186, CVE-2019-17531, CVE-2020-36185, CVE-2020-36188, CVE-2020-36187, CVE-2020-10672, CVE-2020-36189, CVE-2019-12086, CVE-2019-14540, CVE-2020-9546, CVE-2021-20190, CVE-2019-17267, CVE-2019-16335, CVE-2018-14721, CVE-2020-36179, CVE-2018-14720 jackson-dataformat-cbor-2.10.4.jar: CVE-2020-28491 jackson-mapper-asl-1.9.13.jar: CVE-2017-7525, CVE-2019-10172 jdom-1.1.jar: CVE-2021-33813 jdom-2.0.2.jar: CVE-2021-33813 jetty-continuation-9.4.48.v20220622.jar: CVE-2023-44487, CVE-2023-26048, CVE-2023-36478, CVE-2023-26049, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900 jetty-io-9.4.44.v20210927.jar: CVE-2023-44487, CVE-2022-2047, CVE-2023-26048, CVE-2023-36478, CVE-2022-2048, CVE-2023-26049, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900 jetty-io-9.4.49.v20220914.jar: CVE-2023-44487, CVE-2023-26048, CVE-2023-36478, CVE-2023-26049, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900 jetty-io-9.4.51.v20230217.jar: CVE-2023-44487, CVE-2023-36478, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900 jetty-server-9.4.51.v20230217.jar: CVE-2023-44487, CVE-2023-36478, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900 jsoup-1.8.1.jar: CVE-2015-6748, CVE-2022-36033, CVE-2021-37714 kafka-clients-1.1.0.jar: CVE-2021-38153, CVE-2018-17196, CVE-2023-25194 kafka_2.12-1.1.0.jar: CVE-2018-17196 kerb-server-1.0.1.jar: CVE-2023-25613 kerby-xdr-1.0.1.jar: CVE-2023-25613 kotlin-stdlib-1.4.10.jar: CVE-2020-29582, CVE-2022-24329 kotlin-stdlib-jdk7-1.4.10.jar: CVE-2020-29582, CVE-2022-24329 lang-mustache-client-7.13.2.jar: CVE-2021-22144, CVE-2021-22145, CVE-2021-22147 mapper-extras-client-7.13.2.jar: CVE-2021-22144, CVE-2021-22145, CVE-2021-22147 neko-htmlunit-2.67.0.jar: CVE-2023-26119, CVE-2023-2798 nekohtml-1.9.19.jar: CVE-2022-24839 netty-3.10.6.Final.jar: CVE-2021-43797, CVE-2019-16869, CVE-2021-37136, CVE-2021-37137, CVE-2019-20445, CVE-2019-20444, CVE-2021-21295, CVE-2023-34462, CVE-2021-21290, CVE-2023-44487, CVE-2020-11612, CVE-2022-24823, CVE-2022-41881, CVE-2021-21409 netty-codec-4.1.68.Final.jar: CVE-2021-43797, CVE-2023-4586, CVE-2023-44487, CVE-2022-41915, CVE-2022-24823, CVE-2022-41881, CVE-2023-34462 netty-codec-socks-4.1.60.Final.jar: CVE-2021-43797, CVE-2023-4586, CVE-2023-44487, CVE-2021-37136, CVE-2021-37137, CVE-2022-24823, CVE-2022-41881, CVE-2021-21409, CVE-2023-34462 netty-transport-4.1.68.Final.jar: CVE-2021-43797, CVE-2023-4586, CVE-2023-44487, CVE-2022-24823, CVE-2022-41881, CVE-2023-34462 netty-transport-4.1.84.Final.jar: CVE-2023-4586, CVE-2023-44487, CVE-2022-41915, CVE-2022-41881, CVE-2023-34462 netty-transport-4.1.89.Final.jar: CVE-2023-4586, CVE-2023-44487, CVE-2023-34462 nimbus-jose-jwt-9.8.1.jar/META-INF/maven/net.minidev/json-smart/pom.xml: CVE-2023-1370, CVE-2021-31684 okhttp-brotli-4.9.3.jar: CVE-2023-3782 okio-2.8.0.jar: CVE-2023-3635 parent-join-client-7.13.2.jar: CVE-2021-22144, CVE-2021-22145, CVE-2021-22147 protobuf-java-2.5.0.jar: CVE-2022-3171, CVE-2022-3509, CVE-2021-22569 rank-eval-client-7.13.2.jar: CVE-2021-22144, CVE-2021-22145, CVE-2021-22147 selenium-api-4.7.2.jar: CVE-2023-5590 snakeyaml-1.26.jar: CVE-2022-38752, CVE-2022-38751, CVE-2022-38750, CVE-2022-41854, CVE-2022-25857, CVE-2022-38749, CVE-2022-1471 snakeyaml-1.32.jar: CVE-2022-1471 snappy-java-1.1.7.1.jar: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453, CVE-2023-43642 snappy-java-1.1.7.6.jar: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453, CVE-2023-43642 snappy-java-1.1.8.2.jar: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453, CVE-2023-43642 solr-solrj-8.11.2.jar: CVE-2023-44487 tika-langdetect-optimaize-shaded-2.9.0.0.jar/META-INF/maven/com.google.guava/guava/pom.xml: CVE-2020-8908, CVE-2018-10237, CVE-2023-2976 token-provider-1.0.1.jar: CVE-2023-25613 websocket-client-9.4.49.v20220914.jar: CVE-2023-44487, CVE-2023-26048, CVE-2023-36478, CVE-2023-26049, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900 websocket-client-9.4.51.v20230217.jar: CVE-2023-44487, CVE-2023-36478, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900 websocket-common-9.4.49.v20220914.jar: CVE-2023-44487, CVE-2023-26048, CVE-2023-36478, CVE-2023-26049, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900 websocket-common-9.4.51.v20230217.jar: CVE-2023-44487, CVE-2023-36478, CVE-2023-36479, CVE-2023-40167, CVE-2023-41900 woodstox-core-6.2.4.jar: CVE-2022-40152 woodstox-core-6.2.8.jar: CVE-2022-40152 xercesImpl-2.11.0.jar: CVE-2018-2799, CVE-2012-0881, CVE-2017-10355, CVE-2022-23437, CVE-2013-4002 xercesImpl-2.12.2.jar: CVE-2017-10355 zookeeper-3.4.10.jar: CVE-2023-44981, CVE-2019-0201 zookeeper-3.6.2.jar: CVE-2023-44981 zookeeper-3.6.3.jar: CVE-2023-44981 See the dependency-check report for more details. Total time: 31 minutes 5 seconds Build step 'Invoke Ant' marked build as failure Publishing Javadoc Recording test results [Checks API] No suitable checks publisher found. Not sending mail to unregistered user git...@hugo-hirsch.de