See
<https://builds.apache.org/job/Struts-master-JDK7-dependency-check/106/display/redirect?page=changes>
Changes:
[lukaszlenart] Drops irrelevant profile
[lukaszlenart] WW-4952 Uses struts parent 13 to fix issue with wrong release
profile
------------------------------------------
[...truncated 1.24 MB...]
at org.testng.junit.JUnitTestRunner.start(JUnitTestRunner.java:223)
[testng-5.14.10.jar:?]
at org.testng.junit.JUnitTestRunner.run(JUnitTestRunner.java:211)
[testng-5.14.10.jar:?]
at org.testng.TestRunner$1.run(TestRunner.java:659)
[testng-5.14.10.jar:?]
at org.testng.TestRunner.runWorkers(TestRunner.java:1147)
[testng-5.14.10.jar:?]
at org.testng.TestRunner.privateRunJUnit(TestRunner.java:690)
[testng-5.14.10.jar:?]
at org.testng.TestRunner.run(TestRunner.java:597) [testng-5.14.10.jar:?]
at org.testng.SuiteRunner.runTest(SuiteRunner.java:317)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:312)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunner.privateRun(SuiteRunner.java:274)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunner.run(SuiteRunner.java:223)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
[testng-5.14.10.jar:?]
at org.testng.TestNG.runSuitesSequentially(TestNG.java:1039)
[testng-5.14.10.jar:?]
at org.testng.TestNG.runSuitesLocally(TestNG.java:964)
[testng-5.14.10.jar:?]
at org.testng.TestNG.run(TestNG.java:900) [testng-5.14.10.jar:?]
at
org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:135)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.executeMulti(TestNGDirectoryTestSuite.java:198)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.execute(TestNGDirectoryTestSuite.java:94)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:146)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:373)
[surefire-booter-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:334)
[surefire-booter-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:119)
[surefire-booter-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:407)
[surefire-booter-2.20.1.jar:2.20.1]
2018-10-04 22:37:02,300 WARN [main] interceptor.ActionAutowiringInterceptor
(ActionAutowiringInterceptor.java:108) - ApplicationContext could not be found.
Action classes will not be autowired.
setDog
2018-10-04 22:37:02,356 WARN [main] ognl.SecurityMemberAccess
(SecurityMemberAccess.java:113) - Declaring class of member type [public final
native java.lang.Class java.lang.Object.getClass()] is excluded!
2018-10-04 22:37:02,362 INFO [main] impl.DefaultObjectTypeDeterminer
(DefaultObjectTypeDeterminer.java:120) - The Collection_xxx pattern for
collection type conversion is deprecated. Please use Element_xxx!
2018-10-04 22:37:02,366 WARN [main] ognl.SecurityMemberAccess
(SecurityMemberAccess.java:113) - Declaring class of member type [public final
native java.lang.Class java.lang.Object.getClass()] is excluded!
2018-10-04 22:37:02,375 WARN [main] ognl.SecurityMemberAccess
(SecurityMemberAccess.java:113) - Declaring class of member type [public final
native java.lang.Class java.lang.Object.getClass()] is excluded!
2018-10-04 22:37:02,393 WARN [main] ognl.OgnlUtil (OgnlUtil.java:509) -
Attempting to copy from or to a null source. This is illegal and is bein
skipped. This may be due to an error in an OGNL expression, action chaining, or
some other event.
2018-10-04 22:37:02,393 WARN [main] ognl.OgnlUtil (OgnlUtil.java:509) -
Attempting to copy from or to a null source. This is illegal and is bein
skipped. This may be due to an error in an OGNL expression, action chaining, or
some other event.
2018-10-04 22:37:02,394 WARN [main] ognl.OgnlUtil (OgnlUtil.java:509) -
Attempting to copy from or to a null source. This is illegal and is bein
skipped. This may be due to an error in an OGNL expression, action chaining, or
some other event.
2018-10-04 22:37:02,403 WARN [main] ognl.OgnlValueStack
(OgnlValueStack.java:203) - Error setting value [[asdf]] with expression
[1114778947765]
java.lang.NumberFormatException: For input string: "1114778947765"
at
java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
~[?:1.7.0_80]
at java.lang.Integer.parseInt(Integer.java:495) ~[?:1.7.0_80]
at java.lang.Integer.valueOf(Integer.java:556) ~[?:1.7.0_80]
at ognl.OgnlParserTokenManager.makeInt(OgnlParserTokenManager.java:63)
~[ognl-3.2.6.jar:?]
at
ognl.OgnlParserTokenManager.TokenLexicalActions(OgnlParserTokenManager.java:1624)
~[ognl-3.2.6.jar:?]
at
ognl.OgnlParserTokenManager.getNextToken(OgnlParserTokenManager.java:1498)
~[ognl-3.2.6.jar:?]
at ognl.OgnlParser.jj_ntk(OgnlParser.java:3099) ~[ognl-3.2.6.jar:?]
at ognl.OgnlParser.unaryExpression(OgnlParser.java:1079)
~[ognl-3.2.6.jar:?]
at ognl.OgnlParser.multiplicativeExpression(OgnlParser.java:971)
~[ognl-3.2.6.jar:?]
at ognl.OgnlParser.additiveExpression(OgnlParser.java:894)
~[ognl-3.2.6.jar:?]
at ognl.OgnlParser.shiftExpression(OgnlParser.java:750)
~[ognl-3.2.6.jar:?]
at ognl.OgnlParser.relationalExpression(OgnlParser.java:508)
~[ognl-3.2.6.jar:?]
at ognl.OgnlParser.equalityExpression(OgnlParser.java:405)
~[ognl-3.2.6.jar:?]
at ognl.OgnlParser.andExpression(OgnlParser.java:352)
~[ognl-3.2.6.jar:?]
at ognl.OgnlParser.exclusiveOrExpression(OgnlParser.java:299)
~[ognl-3.2.6.jar:?]
at ognl.OgnlParser.inclusiveOrExpression(OgnlParser.java:246)
~[ognl-3.2.6.jar:?]
at ognl.OgnlParser.logicalAndExpression(OgnlParser.java:193)
~[ognl-3.2.6.jar:?]
at ognl.OgnlParser.logicalOrExpression(OgnlParser.java:140)
~[ognl-3.2.6.jar:?]
at ognl.OgnlParser.conditionalTestExpression(OgnlParser.java:101)
~[ognl-3.2.6.jar:?]
at ognl.OgnlParser.assignmentExpression(OgnlParser.java:64)
~[ognl-3.2.6.jar:?]
at ognl.OgnlParser.expression(OgnlParser.java:23) ~[ognl-3.2.6.jar:?]
at ognl.OgnlParser.topLevelExpression(OgnlParser.java:15)
~[ognl-3.2.6.jar:?]
at ognl.Ognl.parseExpression(Ognl.java:110) ~[ognl-3.2.6.jar:?]
at
com.opensymphony.xwork2.ognl.OgnlUtil.compileAndExecute(OgnlUtil.java:420)
~[classes/:?]
at com.opensymphony.xwork2.ognl.OgnlUtil.setValue(OgnlUtil.java:333)
~[classes/:?]
at
com.opensymphony.xwork2.ognl.OgnlValueStack.trySetValue(OgnlValueStack.java:187)
[classes/:?]
at
com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:174)
[classes/:?]
at
com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:165)
[classes/:?]
at
com.opensymphony.xwork2.ognl.OgnlUtilTest.testSetBigIndexedValue(OgnlUtilTest.java:647)
[test-classes/:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_80]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_80]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_80]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_80]
at junit.framework.TestCase.runTest(TestCase.java:176)
[junit-4.12.jar:4.12]
at junit.framework.TestCase.runBare(TestCase.java:141)
[junit-4.12.jar:4.12]
at junit.framework.TestResult$1.protect(TestResult.java:122)
[junit-4.12.jar:4.12]
at junit.framework.TestResult.runProtected(TestResult.java:142)
[junit-4.12.jar:4.12]
at junit.framework.TestResult.run(TestResult.java:125)
[junit-4.12.jar:4.12]
at junit.framework.TestCase.run(TestCase.java:129) [junit-4.12.jar:4.12]
at junit.framework.TestSuite.runTest(TestSuite.java:252)
[junit-4.12.jar:4.12]
at junit.framework.TestSuite.run(TestSuite.java:247)
[junit-4.12.jar:4.12]
at org.testng.junit.JUnitTestRunner.doRun(JUnitTestRunner.java:250)
[testng-5.14.10.jar:?]
at org.testng.junit.JUnitTestRunner.start(JUnitTestRunner.java:223)
[testng-5.14.10.jar:?]
at org.testng.junit.JUnitTestRunner.run(JUnitTestRunner.java:211)
[testng-5.14.10.jar:?]
at org.testng.TestRunner$1.run(TestRunner.java:659)
[testng-5.14.10.jar:?]
at org.testng.TestRunner.runWorkers(TestRunner.java:1147)
[testng-5.14.10.jar:?]
at org.testng.TestRunner.privateRunJUnit(TestRunner.java:690)
[testng-5.14.10.jar:?]
at org.testng.TestRunner.run(TestRunner.java:597) [testng-5.14.10.jar:?]
at org.testng.SuiteRunner.runTest(SuiteRunner.java:317)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:312)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunner.privateRun(SuiteRunner.java:274)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunner.run(SuiteRunner.java:223)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
[testng-5.14.10.jar:?]
at org.testng.TestNG.runSuitesSequentially(TestNG.java:1039)
[testng-5.14.10.jar:?]
at org.testng.TestNG.runSuitesLocally(TestNG.java:964)
[testng-5.14.10.jar:?]
at org.testng.TestNG.run(TestNG.java:900) [testng-5.14.10.jar:?]
at
org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:135)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.executeMulti(TestNGDirectoryTestSuite.java:198)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.execute(TestNGDirectoryTestSuite.java:94)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:146)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:373)
[surefire-booter-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:334)
[surefire-booter-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:119)
[surefire-booter-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:407)
[surefire-booter-2.20.1.jar:2.20.1]
2018-10-04 22:37:02,451 WARN [main] ognl.SecurityMemberAccess
(SecurityMemberAccess.java:108) - Target class [class java.lang.Class] of
target [class java.lang.Runtime] is excluded!
2018-10-04 22:37:02,510 WARN [main] ognl.SecurityMemberAccess
(SecurityMemberAccess.java:113) - Declaring class of member type [public final
native java.lang.Class java.lang.Object.getClass()] is excluded!
[INFO] Tests run: 1797, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 77.02
s - in TestSuite
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 1797, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat-plugin:0.12:check (default) @ struts2-core ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 61 implicit excludes (use -debug for more details).
[INFO] Exclude: src/main/resources/org/apache/struts2/static/domTT.js
[INFO] Exclude: src/site/resources/tags/**/*.html
[INFO] Exclude: src/main/resources/*LICENSE.txt
[INFO] Exclude: src/test/resources/**/*.txt
[INFO] Exclude: src/main/webapp/**/*.css
[INFO] Exclude: src/main/webapp/**/*.map
[INFO] Exclude: src/main/webapp/**/*.js
[INFO] Exclude: src/main/webapp/**/*.svg
[INFO] Exclude: src/main/webapp/**/*.txt
[INFO] Exclude: src/main/resources/**/sitegraph-usage.txt
[INFO] Exclude: src/main/resources/**/docs-urls.txt
[INFO] Exclude: src/etc/header.txt
[INFO] Exclude: src/main/resources/static/css/**/*.css
[INFO] Exclude: src/main/resources/static/js/**/*.js
[INFO] Exclude: src/main/resources/docs.cfg
[INFO] Exclude: src/main/webapp/fonts/**/*
[INFO] 1571 resources included (use -debug for more details)
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated:
0, approved: 1564 licenses.
[INFO]
[INFO] --- maven-jar-plugin:3.1.0:jar (default-jar) @ struts2-core ---
[INFO] Building jar:
<https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/core/target/struts2-core-2.6-SNAPSHOT.jar>
[INFO]
[INFO] >>> maven-source-plugin:3.0.1:jar (attach-sources) > generate-sources @
struts2-core >>>
[INFO]
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @
struts2-core ---
[INFO]
[INFO] <<< maven-source-plugin:3.0.1:jar (attach-sources) < generate-sources @
struts2-core <<<
[INFO]
[INFO]
[INFO] --- maven-source-plugin:3.0.1:jar (attach-sources) @ struts2-core ---
[INFO] Building jar:
<https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/core/target/struts2-core-2.6-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- maven-site-plugin:3.7.1:attach-descriptor (attach-descriptor) @
struts2-core ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check-maven:3.1.1:check (default) @ struts2-core ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Check for updates complete (21 ms)
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Central Analyzer (4 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Skipping CPE Analysis for npm
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished Cpe Suppression Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (8 seconds)
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2
Core:
spring-core-4.3.13.RELEASE.jar
(cpe:/a:pivotal_software:spring_framework:4.3.13,
cpe:/a:pivotal:spring_framework:4.3.13,
org.springframework:spring-core:4.3.13.RELEASE) : CVE-2018-1270, CVE-2018-1271,
CVE-2018-1199, CVE-2018-1272, CVE-2018-11039, CVE-2018-1257, CVE-2018-11040,
CVE-2018-1275
bsh-2.0b4.jar (org.beanshell:bsh:2.0b4,
cpe:/a:beanshell_project:beanshell:2.0.b4) : CVE-2016-2510
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 3.889 s]
[INFO] Struts 2 2.6-SNAPSHOT .............................. SUCCESS [03:22 min]
[INFO] Struts 2 Core ...................................... FAILURE [02:00 min]
[INFO] Struts Plugins ..................................... SKIPPED
[INFO] Struts 2 Configuration Browser Plugin .............. SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] Struts 2 DWR Plugin ................................ SKIPPED
[INFO] Struts 2 Spring Plugin ............................. SKIPPED
[INFO] Struts 2 Convention Plugin ......................... SKIPPED
[INFO] Struts 2 JUnit Plugin .............................. SKIPPED
[INFO] Struts 2 JSON Plugin ............................... SKIPPED
[INFO] Struts 2 Bean Validation Plugin .................... SKIPPED
[INFO] Struts 2 Async Plugin .............................. SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 CDI Plugin ................................ SKIPPED
[INFO] Struts 2 Embedded JSP Plugin ....................... SKIPPED
[INFO] Struts 2 GXP Plugin ................................ SKIPPED
[INFO] Struts 2 Jasper Reports Plugin ..................... SKIPPED
[INFO] Struts 2 Java Templates Plugin ..................... SKIPPED
[INFO] Struts 2 JFreeChart Plugin ......................... SKIPPED
[INFO] Struts 2 OSGi Plugin ............................... SKIPPED
[INFO] Struts 2 OVal Plugin ............................... SKIPPED
[INFO] Struts 2 Pell Multipart Plugin ..................... SKIPPED
[INFO] Struts 2 Plexus Plugin ............................. SKIPPED
[INFO] Struts 2 Portlet Plugin ............................ SKIPPED
[INFO] Struts 2 Portlet Tiles Plugin ...................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitegraph Plugin .............. SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts OSGi Bundles ................................ SKIPPED
[INFO] Struts 2 OSGi Admin Bundle ......................... SKIPPED
[INFO] Struts 2 OSGi Demo Bundle .......................... SKIPPED
[INFO] Struts 2 Assembly 2.6-SNAPSHOT ..................... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:31 min
[INFO] Finished at: 2018-10-04T22:37:17Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:3.1.1:check
(default) on project struts2-core:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have
a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] spring-core-4.3.13.RELEASE.jar: CVE-2018-1270, CVE-2018-1275
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please
read the following articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :struts2-core
Build step 'Execute shell' marked build as failure
[locks-and-latches] Releasing all the locks
[locks-and-latches] All the locks released
Setting MAVEN_3_LATEST__HOME=/home/jenkins/tools/maven/latest3/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
