See
<https://builds.apache.org/job/Struts-master-JDK7-dependency-check/108/display/redirect?page=changes>
Changes:
[lukaszlenart] WW-4965 Upgrades OGNL to version 3.2.7
[43964333+JCgH4164838Gh792C124B5] Minor config fixes for the Showcase
Application: 1) Token examples.
------------------------------------------
[...truncated 1.46 MB...]
at org.testng.SuiteRunner.run(SuiteRunner.java:223)
at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
at org.testng.TestNG.runSuitesSequentially(TestNG.java:1039)
at org.testng.TestNG.runSuitesLocally(TestNG.java:964)
at org.testng.TestNG.run(TestNG.java:900)
at
org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:135)
at
org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.executeMulti(TestNGDirectoryTestSuite.java:198)
at
org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.execute(TestNGDirectoryTestSuite.java:94)
at
org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:146)
at
org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:373)
at
org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:334)
at
org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:119)
at
org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:407)
ognl:com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor@2513f142
this:com.opensymphony.xwork2.mock.MockObjectTypeDeterminer@40443712
ognl:com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor@794c9bb0
this:com.opensymphony.xwork2.mock.MockObjectTypeDeterminer@14817e07
ognl:com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor@65b0febe
this:com.opensymphony.xwork2.mock.MockObjectTypeDeterminer@4724a01a
ognl:com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor@65b0febe
this:com.opensymphony.xwork2.mock.MockObjectTypeDeterminer@4724a01a
ognl:com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor@37982cad
this:com.opensymphony.xwork2.mock.MockObjectTypeDeterminer@679d2e5e
2018-10-11 23:33:11,339 WARN [main] ognl.OgnlValueStack
(OgnlValueStack.java:203) - Error setting value [Spielen] with expression
[moreCats[2].name]
java.lang.IndexOutOfBoundsException: Index: 2, Size: 0
at java.util.ArrayList.rangeCheck(ArrayList.java:635) ~[?:1.7.0_80]
at java.util.ArrayList.get(ArrayList.java:411) ~[?:1.7.0_80]
at ognl.ListPropertyAccessor.getProperty(ListPropertyAccessor.java:72)
~[ognl-3.2.7.jar:?]
at
com.opensymphony.xwork2.ognl.accessor.XWorkListPropertyAccessor.getProperty(XWorkListPropertyAccessor.java:137)
~[classes/:?]
at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2680)
~[ognl-3.2.7.jar:?]
at ognl.ASTProperty.getValueBody(ASTProperty.java:114)
~[ognl-3.2.7.jar:?]
at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
~[ognl-3.2.7.jar:?]
at ognl.SimpleNode.getValue(SimpleNode.java:258) ~[ognl-3.2.7.jar:?]
at ognl.ASTChain.setValueBody(ASTChain.java:222) ~[ognl-3.2.7.jar:?]
at ognl.SimpleNode.evaluateSetValueBody(SimpleNode.java:220)
~[ognl-3.2.7.jar:?]
at ognl.SimpleNode.setValue(SimpleNode.java:301) ~[ognl-3.2.7.jar:?]
at ognl.Ognl.setValue(Ognl.java:739) ~[ognl-3.2.7.jar:?]
at com.opensymphony.xwork2.ognl.OgnlUtil$1.execute(OgnlUtil.java:341)
~[classes/:?]
at com.opensymphony.xwork2.ognl.OgnlUtil$1.execute(OgnlUtil.java:333)
~[classes/:?]
at
com.opensymphony.xwork2.ognl.OgnlUtil.compileAndExecute(OgnlUtil.java:428)
~[classes/:?]
at com.opensymphony.xwork2.ognl.OgnlUtil.setValue(OgnlUtil.java:333)
~[classes/:?]
at
com.opensymphony.xwork2.ognl.OgnlValueStack.trySetValue(OgnlValueStack.java:187)
[classes/:?]
at
com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:174)
[classes/:?]
at
com.opensymphony.xwork2.ognl.OgnlValueStack.setValue(OgnlValueStack.java:165)
[classes/:?]
at
com.opensymphony.xwork2.ognl.SetPropertiesTest.doTestAddingToListsWithObjects(SetPropertiesTest.java:164)
[test-classes/:?]
at
com.opensymphony.xwork2.ognl.SetPropertiesTest.testAddingToListsWithObjectsFalse(SetPropertiesTest.java:134)
[test-classes/:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.7.0_80]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
~[?:1.7.0_80]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.7.0_80]
at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_80]
at junit.framework.TestCase.runTest(TestCase.java:176)
[junit-4.12.jar:4.12]
at junit.framework.TestCase.runBare(TestCase.java:141)
[junit-4.12.jar:4.12]
at junit.framework.TestResult$1.protect(TestResult.java:122)
[junit-4.12.jar:4.12]
at junit.framework.TestResult.runProtected(TestResult.java:142)
[junit-4.12.jar:4.12]
at junit.framework.TestResult.run(TestResult.java:125)
[junit-4.12.jar:4.12]
at junit.framework.TestCase.run(TestCase.java:129) [junit-4.12.jar:4.12]
at junit.framework.TestSuite.runTest(TestSuite.java:252)
[junit-4.12.jar:4.12]
at junit.framework.TestSuite.run(TestSuite.java:247)
[junit-4.12.jar:4.12]
at org.testng.junit.JUnitTestRunner.doRun(JUnitTestRunner.java:250)
[testng-5.14.10.jar:?]
at org.testng.junit.JUnitTestRunner.start(JUnitTestRunner.java:223)
[testng-5.14.10.jar:?]
at org.testng.junit.JUnitTestRunner.run(JUnitTestRunner.java:211)
[testng-5.14.10.jar:?]
at org.testng.TestRunner$1.run(TestRunner.java:659)
[testng-5.14.10.jar:?]
at org.testng.TestRunner.runWorkers(TestRunner.java:1147)
[testng-5.14.10.jar:?]
at org.testng.TestRunner.privateRunJUnit(TestRunner.java:690)
[testng-5.14.10.jar:?]
at org.testng.TestRunner.run(TestRunner.java:597) [testng-5.14.10.jar:?]
at org.testng.SuiteRunner.runTest(SuiteRunner.java:317)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:312)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunner.privateRun(SuiteRunner.java:274)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunner.run(SuiteRunner.java:223)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
[testng-5.14.10.jar:?]
at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
[testng-5.14.10.jar:?]
at org.testng.TestNG.runSuitesSequentially(TestNG.java:1039)
[testng-5.14.10.jar:?]
at org.testng.TestNG.runSuitesLocally(TestNG.java:964)
[testng-5.14.10.jar:?]
at org.testng.TestNG.run(TestNG.java:900) [testng-5.14.10.jar:?]
at
org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:135)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.executeMulti(TestNGDirectoryTestSuite.java:198)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.execute(TestNGDirectoryTestSuite.java:94)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:146)
[surefire-testng-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:373)
[surefire-booter-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:334)
[surefire-booter-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:119)
[surefire-booter-2.20.1.jar:2.20.1]
at
org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:407)
[surefire-booter-2.20.1.jar:2.20.1]
ognl:com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor@3c96b88f
this:com.opensymphony.xwork2.mock.MockObjectTypeDeterminer@4b2ed35c
ognl:com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor@3c96b88f
this:com.opensymphony.xwork2.mock.MockObjectTypeDeterminer@4b2ed35c
2018-10-11 23:33:11,361 WARN [main] ognl.SecurityMemberAccess
(SecurityMemberAccess.java:102) - Package [package org.apache.struts2] of
target class [class org.apache.struts2.TestAction] of target
[org.apache.struts2.TestAction@2fb2db54] or package [package
javax.servlet.jsp.tagext, JavaServer Pages(TM) Specification, version 2.1] of
member [public int javax.servlet.jsp.tagext.TagSupport.doStartTag() throws
javax.servlet.jsp.JspException] are excluded!
2018-10-11 23:33:11,852 WARN [main] util.TokenHelper (TokenHelper.java:134) -
Could not find token mapped to token name:
default message
2018-10-11 23:33:11,966 WARN [main] util.StrutsLocalizedTextProvider
(StrutsLocalizedTextProvider.java:226) - Trying to find text with null key!
2018-10-11 23:33:12,267 WARN [main] ognl.SecurityMemberAccess
(SecurityMemberAccess.java:157) - The use of the default (unnamed) package is
discouraged!
action property
Foo Range Message
non.existant
2018-10-11 23:33:13,490 INFO [main] impl.DefaultObjectTypeDeterminer
(DefaultObjectTypeDeterminer.java:120) - The Collection_xxx pattern for
collection type conversion is deprecated. Please use Element_xxx!
Oct 11, 2018 11:33:13 PM
org.springframework.context.support.ClassPathXmlApplicationContext
prepareRefresh
INFO: Refreshing
org.springframework.context.support.ClassPathXmlApplicationContext@79f97ac0:
startup date [Thu Oct 11 23:33:13 UTC 2018]; root of context hierarchy
Oct 11, 2018 11:33:13 PM
org.springframework.beans.factory.xml.XmlBeanDefinitionReader
loadBeanDefinitions
INFO: Loading XML bean definitions from class path resource
[com/opensymphony/xwork2/spring/actionContext-spring.xml]
Oct 11, 2018 11:33:13 PM
org.springframework.context.support.ClassPathXmlApplicationContext
prepareRefresh
INFO: Refreshing
org.springframework.context.support.ClassPathXmlApplicationContext@2a25d14b:
startup date [Thu Oct 11 23:33:13 UTC 2018]; root of context hierarchy
Oct 11, 2018 11:33:13 PM
org.springframework.beans.factory.xml.XmlBeanDefinitionReader
loadBeanDefinitions
INFO: Loading XML bean definitions from class path resource
[com/opensymphony/xwork2/spring/actionContext-spring.xml]
Oct 11, 2018 11:33:13 PM
org.springframework.context.support.ClassPathXmlApplicationContext
prepareRefresh
INFO: Refreshing
org.springframework.context.support.ClassPathXmlApplicationContext@3eabf427:
startup date [Thu Oct 11 23:33:13 UTC 2018]; root of context hierarchy
Oct 11, 2018 11:33:13 PM
org.springframework.beans.factory.xml.XmlBeanDefinitionReader
loadBeanDefinitions
INFO: Loading XML bean definitions from class path resource
[com/opensymphony/xwork2/spring/actionContext-spring.xml]
[INFO] Tests run: 1802, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 83.93
s - in TestSuite
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 1802, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- apache-rat-plugin:0.12:check (default) @ struts2-core ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 61 implicit excludes (use -debug for more details).
[INFO] Exclude: src/main/resources/org/apache/struts2/static/domTT.js
[INFO] Exclude: src/site/resources/tags/**/*.html
[INFO] Exclude: src/main/resources/*LICENSE.txt
[INFO] Exclude: src/test/resources/**/*.txt
[INFO] Exclude: src/main/webapp/**/*.css
[INFO] Exclude: src/main/webapp/**/*.map
[INFO] Exclude: src/main/webapp/**/*.js
[INFO] Exclude: src/main/webapp/**/*.svg
[INFO] Exclude: src/main/webapp/**/*.txt
[INFO] Exclude: src/main/resources/**/sitegraph-usage.txt
[INFO] Exclude: src/main/resources/**/docs-urls.txt
[INFO] Exclude: src/etc/header.txt
[INFO] Exclude: src/main/resources/static/css/**/*.css
[INFO] Exclude: src/main/resources/static/js/**/*.js
[INFO] Exclude: src/main/resources/docs.cfg
[INFO] Exclude: src/main/webapp/fonts/**/*
[INFO] 1572 resources included (use -debug for more details)
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated:
0, approved: 1565 licenses.
[INFO]
[INFO] --- maven-jar-plugin:3.1.0:jar (default-jar) @ struts2-core ---
[INFO] Building jar:
<https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/core/target/struts2-core-2.6-SNAPSHOT.jar>
[INFO]
[INFO] >>> maven-source-plugin:3.0.1:jar (attach-sources) > generate-sources @
struts2-core >>>
[INFO]
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @
struts2-core ---
[INFO]
[INFO] <<< maven-source-plugin:3.0.1:jar (attach-sources) < generate-sources @
struts2-core <<<
[INFO]
[INFO]
[INFO] --- maven-source-plugin:3.0.1:jar (attach-sources) @ struts2-core ---
[INFO] Building jar:
<https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/core/target/struts2-core-2.6-SNAPSHOT-sources.jar>
[INFO]
[INFO] --- maven-site-plugin:3.7.1:attach-descriptor (attach-descriptor) @
struts2-core ---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO]
[INFO] --- dependency-check-maven:3.1.1:check (default) @ struts2-core ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Check for updates complete (10 ms)
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Central Analyzer (1 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Skipping CPE Analysis for npm
[INFO] Finished CPE Analyzer (2 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished Cpe Suppression Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (5 seconds)
[WARNING]
One or more dependencies were identified with known vulnerabilities in Struts 2
Core:
spring-core-4.3.13.RELEASE.jar
(cpe:/a:pivotal_software:spring_framework:4.3.13,
cpe:/a:pivotal:spring_framework:4.3.13,
org.springframework:spring-core:4.3.13.RELEASE) : CVE-2018-1270, CVE-2018-1271,
CVE-2018-1199, CVE-2018-1272, CVE-2018-11039, CVE-2018-1257, CVE-2018-11040,
CVE-2018-1275
bsh-2.0b4.jar (org.beanshell:bsh:2.0b4,
cpe:/a:beanshell_project:beanshell:2.0.b4) : CVE-2016-2510
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.934 s]
[INFO] Struts 2 2.6-SNAPSHOT .............................. SUCCESS [03:10 min]
[INFO] Struts 2 Core ...................................... FAILURE [02:05 min]
[INFO] Struts Plugins ..................................... SKIPPED
[INFO] Struts 2 Configuration Browser Plugin .............. SKIPPED
[INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] Struts 2 DWR Plugin ................................ SKIPPED
[INFO] Struts 2 Spring Plugin ............................. SKIPPED
[INFO] Struts 2 Convention Plugin ......................... SKIPPED
[INFO] Struts 2 JUnit Plugin .............................. SKIPPED
[INFO] Struts 2 JSON Plugin ............................... SKIPPED
[INFO] Struts 2 Bean Validation Plugin .................... SKIPPED
[INFO] Struts 2 Async Plugin .............................. SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 CDI Plugin ................................ SKIPPED
[INFO] Struts 2 Embedded JSP Plugin ....................... SKIPPED
[INFO] Struts 2 GXP Plugin ................................ SKIPPED
[INFO] Struts 2 Jasper Reports Plugin ..................... SKIPPED
[INFO] Struts 2 Java Templates Plugin ..................... SKIPPED
[INFO] Struts 2 JFreeChart Plugin ......................... SKIPPED
[INFO] Struts 2 OSGi Plugin ............................... SKIPPED
[INFO] Struts 2 OVal Plugin ............................... SKIPPED
[INFO] Struts 2 Pell Multipart Plugin ..................... SKIPPED
[INFO] Struts 2 Plexus Plugin ............................. SKIPPED
[INFO] Struts 2 Portlet Plugin ............................ SKIPPED
[INFO] Struts 2 Portlet Tiles Plugin ...................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitegraph Plugin .............. SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts OSGi Bundles ................................ SKIPPED
[INFO] Struts 2 OSGi Admin Bundle ......................... SKIPPED
[INFO] Struts 2 OSGi Demo Bundle .......................... SKIPPED
[INFO] Struts 2 Assembly 2.6-SNAPSHOT ..................... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 05:21 min
[INFO] Finished at: 2018-10-11T23:33:26Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:3.1.1:check
(default) on project struts2-core:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have
a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] spring-core-4.3.13.RELEASE.jar: CVE-2018-1270, CVE-2018-1275
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please
read the following articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :struts2-core
Build step 'Execute shell' marked build as failure
[locks-and-latches] Releasing all the locks
[locks-and-latches] All the locks released
Setting MAVEN_3_LATEST__HOME=/home/jenkins/tools/maven/latest3/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
