[
https://issues.apache.org/jira/browse/PIG-5470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17974005#comment-17974005
]
Rohini Palaniswamy commented on PIG-5470:
-----------------------------------------
If compiling with jdk8, owasp builds fail with
java.lang.UnsupportedClassVersionError:
org/owasp/dependencycheck/taskdefs/Purge has been compiled by a more recent
version of the Java Runtime (class file version 55.0), this version of the Java
Runtime only recognizes class file versions up to 52.0
javap -verbose -cp dependency-check-ant-12.1.3.jar
org/owasp/dependencycheck/taskdefs/Purge | grep "major version"
major version: 55
javap -verbose -cp dependency-check-ant-11.1.1.jar
org/owasp/dependencycheck/taskdefs/Purge | grep "major version"
major version: 55
javap -verbose -cp dependency-check-ant-10.0.4.jar
org/owasp/dependencycheck/taskdefs/Purge | grep "major version"
major version: 52
Changing dependency-check-ant.version from latest.release to 10.0.4 in
ivy/libraries.properties however always fails with download errors after close
to finish downloading. The NVD downloads are also very slow without an API key
and trying out different options was taking a very long time. Tried different
things like using local mirror of NVD database but that did not work either.
Realized the NVD 1.x API is deprecated and that usage will be shutdown in Aug
2025. So no use going with that solution. Only way to get owasp running without
error was run it with a newer jdk (used jdk 21). By default, the NVD database
is downloaded to ~/.ivy2/cache/org.owasp/dependency-check-ant/jars/data. Added
options in this patch to use an already downloaded database as a workaround.
Download did work fine for me later without pointing to an already downloaded
location, but making a patch in case it is useful in similar situation later.
Usage:
brew install dependency-check
dependency-check --updateonly
ant clean -Dowasp.data.directory=/opt/homebrew/var/dependencycheck/
-Dowasp.auto.update=false owasp
> Make owasp data dependency location configurable
> ------------------------------------------------
>
> Key: PIG-5470
> URL: https://issues.apache.org/jira/browse/PIG-5470
> Project: Pig
> Issue Type: Bug
> Reporter: Rohini Palaniswamy
> Assignee: Rohini Palaniswamy
> Priority: Major
> Fix For: 0.18.0
>
>
> owasp builds fail with
> java.lang.UnsupportedClassVersionError:
> org/owasp/dependencycheck/taskdefs/Purge has been compiled by a more recent
> version of the Java Runtime (class file version 55.0), this version of the
> Java Runtime only recognizes class file versions up to 52.0
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
