See
<https://builds.apache.org/job/Struts-master-JDK7-dependency-check/95/display/redirect?page=changes>
Changes:
[lukaszlenart] Adds Maven wrapper to allow use the latest Maven version
[lukaszlenart] Avoids parsing namespace when using existing namespace
[lukaszlenart] Increases scope when location parsing is avoided
[lukaszlenart] Upgrades Jackson libs to version 2.9.5
[lukaszlenart] Makes OgnlUtil more immutable
[lukaszlenart] Adds proper handling of primitive types
[lukaszlenart] Adds more general exclusion
[lukaszlenart] Validates action, namespace and method in the same way
[lukaszlenart] delete redundant code for performance
[lukaszlenart] Fixes how dependencies are injected into constructor
[lukaszlenart] add an extra unit test
[lukaszlenart] Fixes conflicts after cherry-picked changes from 2.5.x branch
[lukaszlenart] WW-4955 Upgrades OGNL to version 3.2.6
[lukaszlenart] Adds additional test to check is ArrayList.size() is accessible
------------------------------------------
[...truncated 1.42 MB...]
at org.testng.TestRunner.runWorkers(TestRunner.java:1147)
at org.testng.TestRunner.privateRunJUnit(TestRunner.java:690)
at org.testng.TestRunner.run(TestRunner.java:597)
at org.testng.SuiteRunner.runTest(SuiteRunner.java:317)
at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:312)
at org.testng.SuiteRunner.privateRun(SuiteRunner.java:274)
at org.testng.SuiteRunner.run(SuiteRunner.java:223)
at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
at org.testng.TestNG.runSuitesSequentially(TestNG.java:1039)
at org.testng.TestNG.runSuitesLocally(TestNG.java:964)
at org.testng.TestNG.run(TestNG.java:900)
at
org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:135)
at
org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.executeMulti(TestNGDirectoryTestSuite.java:198)
at
org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.execute(TestNGDirectoryTestSuite.java:94)
at
org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:146)
at
org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:373)
at
org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:334)
at
org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:119)
at
org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:407)
2018-08-24 11:38:55,421 WARN [main] xwork2.DefaultLocaleProvider
(DefaultLocaleProvider.java:53) - Cannot convert [_] to proper locale
java.lang.IllegalArgumentException: Invalid locale format: _
at org.apache.commons.lang3.LocaleUtils.toLocale(LocaleUtils.java:102)
~[commons-lang3-3.6.jar:3.6]
at
com.opensymphony.xwork2.DefaultLocaleProvider.isValidLocaleString(DefaultLocaleProvider.java:51)
[classes/:?]
at
org.apache.struts2.interceptor.I18nInterceptor.getLocaleFromParam(I18nInterceptor.java:166)
[classes/:?]
at
org.apache.struts2.interceptor.I18nInterceptor$SessionLocaleHandler.find(I18nInterceptor.java:276)
[classes/:?]
at
org.apache.struts2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:104)
[classes/:?]
at
org.apache.struts2.interceptor.I18nInterceptorTest.testDefaultLocale(I18nInterceptorTest.java:88)
[test-classes/:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_80]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_80]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_80]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_80]
at junit.framework.TestCase.runTest(TestCase.java:176)
[junit-4.12.jar:4.12]
at junit.framework.TestCase.runBare(TestCase.java:141)
[junit-4.12.jar:4.12]
at junit.framework.TestResult$1.protect(TestResult.java:122)
[junit-4.12.jar:4.12]
at junit.framework.TestResult.runProtected(TestResult.java:142)
[junit-4.12.jar:4.12]
at junit.framework.TestResult.run(TestResult.java:125)
[junit-4.12.jar:4.12]
at junit.framework.TestCase.run(TestCase.java:129) [junit-4.12.jar:4.12]
at junit.framework.TestSuite.runTest(TestSuite.java:252)
[junit-4.12.jar:4.12]
at junit.framework.TestSuite.run(TestSuite.java:247)
[junit-4.12.jar:4.12]
at org.testng.junit.JUnitTestRunner.doRun(JUnitTestRunner.java:250)
[testng-5.14.10.jar:?]
at org.testng.junit.JUnitTestRunner.start(JUnitTestRunner.java:223)
[testng-5.14.10.jar:?]
at org.testng.junit.JUnitTestRunner.run(JUnitTestRunner.java:211)
[testng-5.14.10.jar:?]
at org.testng.TestRunner$1.run(TestRunner.java:659)
[testng-5.14.10.jar:?]
at org.testng.TestRunner.runWorkers(TestRunner.java:1147)
[testng-5.14.10.jar:?]
at org.testng.TestRunner.privateRunJUnit(TestRunner.java:690)
[testng-5.14.10.jar:?]
at org.testng.TestRunner.run(TestRunner.java:597) [testng-5.14.10.jar:?]
at org.testng.SuiteRunner.runTest(SuiteRunner.java:317)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:312)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunner.privateRun(SuiteRunner.java:274)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunner.run(SuiteRunner.java:223)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
[testng-5.14.10.jar:?]
at org.testng.TestNG.runSuitesSequentially(TestNG.java:1039)
[testng-5.14.10.jar:?]
at org.testng.TestNG.runSuitesLocally(TestNG.java:964)
[testng-5.14.10.jar:?]
at org.testng.TestNG.run(TestNG.java:900) [testng-5.14.10.jar:?]
at
org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:135)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.executeMulti(TestNGDirectoryTestSuite.java:198)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.execute(TestNGDirectoryTestSuite.java:94)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:146)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:373)
[surefire-booter-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:334)
[surefire-booter-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:119)
[surefire-booter-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:407)
[surefire-booter-2.20.1.jar:2.20.1]
2018-08-24 11:38:55,458 ERROR [main] components.ClosingUIBean
(ClosingUIBean.java:56) - Could not open template
java.lang.NullPointerException: null
at
org.apache.struts2.components.ServletUrlRenderer.renderFormUrl(ServletUrlRenderer.java:148)
~[classes/:?]
at
org.apache.struts2.components.Form.populateComponentHtmlId(Form.java:229)
~[classes/:?]
at org.apache.struts2.components.UIBean.evaluateParams(UIBean.java:814)
~[classes/:?]
at
org.apache.struts2.components.ClosingUIBean.start(ClosingUIBean.java:52)
[classes/:?]
at
org.apache.struts2.views.jsp.ComponentTagSupport.doStartTag(ComponentTagSupport.java:51)
[classes/:?]
at
org.apache.struts2.views.jsp.ui.ComponentTest.testTagAttributeExclusion(ComponentTest.java:122)
[test-classes/:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_80]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_80]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_80]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_80]
at junit.framework.TestCase.runTest(TestCase.java:176)
[junit-4.12.jar:4.12]
at junit.framework.TestCase.runBare(TestCase.java:141)
[junit-4.12.jar:4.12]
at junit.framework.TestResult$1.protect(TestResult.java:122)
[junit-4.12.jar:4.12]
at junit.framework.TestResult.runProtected(TestResult.java:142)
[junit-4.12.jar:4.12]
at junit.framework.TestResult.run(TestResult.java:125)
[junit-4.12.jar:4.12]
at junit.framework.TestCase.run(TestCase.java:129) [junit-4.12.jar:4.12]
at junit.framework.TestSuite.runTest(TestSuite.java:252)
[junit-4.12.jar:4.12]
at junit.framework.TestSuite.run(TestSuite.java:247)
[junit-4.12.jar:4.12]
at org.testng.junit.JUnitTestRunner.doRun(JUnitTestRunner.java:250)
[testng-5.14.10.jar:?]
at org.testng.junit.JUnitTestRunner.start(JUnitTestRunner.java:223)
[testng-5.14.10.jar:?]
at org.testng.junit.JUnitTestRunner.run(JUnitTestRunner.java:211)
[testng-5.14.10.jar:?]
at org.testng.TestRunner$1.run(TestRunner.java:659)
[testng-5.14.10.jar:?]
at org.testng.TestRunner.runWorkers(TestRunner.java:1147)
[testng-5.14.10.jar:?]
at org.testng.TestRunner.privateRunJUnit(TestRunner.java:690)
[testng-5.14.10.jar:?]
at org.testng.TestRunner.run(TestRunner.java:597) [testng-5.14.10.jar:?]
at org.testng.SuiteRunner.runTest(SuiteRunner.java:317)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:312)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunner.privateRun(SuiteRunner.java:274)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunner.run(SuiteRunner.java:223)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
[testng-5.14.10.jar:?]
at org.testng.TestNG.runSuitesSequentially(TestNG.java:1039)
[testng-5.14.10.jar:?]
at org.testng.TestNG.runSuitesLocally(TestNG.java:964)
[testng-5.14.10.jar:?]
at org.testng.TestNG.run(TestNG.java:900) [testng-5.14.10.jar:?]
at
org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:135)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.executeMulti(TestNGDirectoryTestSuite.java:198)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.execute(TestNGDirectoryTestSuite.java:94)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:146)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:373)
[surefire-booter-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:334)
[surefire-booter-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:119)
[surefire-booter-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:407)
[surefire-booter-2.20.1.jar:2.20.1]
[INFO] Tests run: 1795, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 75.99
s - in TestSuite
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 1795, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat-plugin:0.11:check (default) @ struts2-core ---
[INFO] 51 implicit excludes (use -debug for more details).
[INFO] Exclude: src/main/resources/org/apache/struts2/static/domTT.js
[INFO] Exclude: src/site/resources/tags/**/*.html
[INFO] Exclude: src/main/resources/*LICENSE.txt
[INFO] Exclude: src/test/resources/**/*.txt
[INFO] Exclude: src/main/webapp/**/*.css
[INFO] Exclude: src/main/webapp/**/*.map
[INFO] Exclude: src/main/webapp/**/*.js
[INFO] Exclude: src/main/webapp/**/*.svg
[INFO] Exclude: src/main/webapp/**/*.txt
[INFO] Exclude: src/main/resources/**/sitegraph-usage.txt
[INFO] Exclude: src/main/resources/**/docs-urls.txt
[INFO] Exclude: src/etc/header.txt
[INFO] Exclude: src/main/resources/static/css/**/*.css
[INFO] Exclude: src/main/resources/static/js/**/*.js
[INFO] Exclude: src/main/resources/docs.cfg
[INFO] Exclude: src/main/webapp/fonts/**/*
[INFO] 1570 resources included (use -debug for more details)
[INFO] Rat check: Summary of files. Unapproved: 0 unknown: 0 generated: 0
approved: 1563 licence.
[INFO]
[INFO] --- maven-jar-plugin:3.0.0:jar (default-jar) @ struts2-core ---
[INFO] Building jar:
<https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/core/target/struts2-core-2.6-SNAPSHOT.jar>
[INFO]
[INFO] >>> maven-source-plugin:3.0.0:jar (attach-sources) > generate-sources @
struts2-core >>>
[INFO]
[INFO] <<< maven-source-plugin:3.0.0:jar (attach-sources) < generate-sources @
struts2-core <<<
[INFO]
[INFO]
[INFO] --- maven-source-plugin:3.0.0:jar (attach-sources) @ struts2-core ---
[INFO] Building jar:
<https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/core/target/struts2-core-2.6-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- maven-site-plugin:3.5.1:attach-descriptor (attach-descriptor) @
struts2-core ---
[INFO]
[INFO] --- dependency-check-maven:3.1.1:check (default) @ struts2-core ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Check for updates complete (334 ms)
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Central Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Skipping CPE Analysis for npm
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished Cpe Suppression Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2
Core:
spring-core-4.3.13.RELEASE.jar
(cpe:/a:pivotal_software:spring_framework:4.3.13,
cpe:/a:pivotal:spring_framework:4.3.13,
org.springframework:spring-core:4.3.13.RELEASE) : CVE-2018-1270, CVE-2018-1271,
CVE-2018-1199, CVE-2018-1272, CVE-2018-1257, CVE-2018-1275
bsh-2.0b4.jar (org.beanshell:bsh:2.0b4,
cpe:/a:beanshell_project:beanshell:2.0.b4) : CVE-2016-2510
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 1.882 s]
[INFO] Struts 2 2.6-SNAPSHOT .............................. SUCCESS [02:55 min]
[INFO] Struts 2 Core ...................................... FAILURE [01:55 min]
[INFO] Struts Plugins ..................................... SKIPPED
[INFO] Struts 2 Configuration Browser Plugin .............. SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] Struts 2 DWR Plugin ................................ SKIPPED
[INFO] Struts 2 Spring Plugin ............................. SKIPPED
[INFO] Struts 2 Convention Plugin ......................... SKIPPED
[INFO] Struts 2 JUnit Plugin .............................. SKIPPED
[INFO] Struts 2 JSON Plugin ............................... SKIPPED
[INFO] Struts 2 Bean Validation Plugin .................... SKIPPED
[INFO] Struts 2 Async Plugin .............................. SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 CDI Plugin ................................ SKIPPED
[INFO] Struts 2 Embedded JSP Plugin ....................... SKIPPED
[INFO] Struts 2 GXP Plugin ................................ SKIPPED
[INFO] Struts 2 Jasper Reports Plugin ..................... SKIPPED
[INFO] Struts 2 Java Templates Plugin ..................... SKIPPED
[INFO] Struts 2 JFreeChart Plugin ......................... SKIPPED
[INFO] Struts 2 OSGi Plugin ............................... SKIPPED
[INFO] Struts 2 OVal Plugin ............................... SKIPPED
[INFO] Struts 2 Pell Multipart Plugin ..................... SKIPPED
[INFO] Struts 2 Plexus Plugin ............................. SKIPPED
[INFO] Struts 2 Portlet Plugin ............................ SKIPPED
[INFO] Struts 2 Portlet Tiles Plugin ...................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitegraph Plugin .............. SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts OSGi Bundles ................................ SKIPPED
[INFO] Struts 2 OSGi Admin Bundle ......................... SKIPPED
[INFO] Struts 2 OSGi Demo Bundle .......................... SKIPPED
[INFO] Struts 2 Assembly 2.6-SNAPSHOT ..................... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 04:55 min
[INFO] Finished at: 2018-08-24T11:39:09Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:3.1.1:check
(default) on project struts2-core:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have
a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] spring-core-4.3.13.RELEASE.jar: CVE-2018-1270, CVE-2018-1275
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please
read the following articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :struts2-core
Build step 'Execute shell' marked build as failure
[locks-and-latches] Releasing all the locks
[locks-and-latches] All the locks released
Setting MAVEN_3_LATEST__HOME=/home/jenkins/tools/maven/latest3/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
