But it works fine now when I manipulated it to use java 8 - it has found new CVEs.
Actually I think we should drop current `Struts-master-JDK8` job and rename and manipulate current ` Struts-master-JDK7` to use java 8 because we want to keep uploading to snapshot - current `Struts-master-JDK8` isn't created to uploading, it's just for test if Struts can be built with java 8. Kind Regards. >-----Original Message----- >From: Lukasz Lenart <lukaszlen...@apache.org> >Sent: Tuesday, February 5, 2019 1:34 PM >To: Struts Developers List <dev@struts.apache.org> >Subject: Re: Build failed in Jenkins: Struts-master-JDK8-dependency-check #141 > >I think, we can drop this build as we switched to JDK8 for Struts 2.6 (it's the >master branch). I will use an existing job to take over those responsibilities. > >wt., 5 lut 2019 o 10:30 Apache Jenkins Server <jenk...@builds.apache.org> >napisaĆ(a): >> >> See >> <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/141 >> /display/redirect?page=changes> >> >> Changes: >> >> [github] Switch to Java 8 >> >> [github] Update Jenkinsfile >> >> [github] Update .travis.yml >> >> [lukaszlenart] Adds a link to JavaDocs >> >> [yasserzamani] upgrade to ASM 7 >> >> [amashchenko] WW-4991 Not existing property in listValueKey throws >> exception >> >> ------------------------------------------ >> [...truncated 912.91 KB...] >> [INFO] Exclude: src/main/webapp/**/*.svg [INFO] Exclude: >> src/main/webapp/**/*.txt [INFO] Exclude: >> src/main/resources/**/sitegraph-usage.txt >> [INFO] Exclude: src/main/resources/**/docs-urls.txt >> [INFO] Exclude: src/etc/header.txt >> [INFO] Exclude: src/main/resources/static/css/**/*.css >> [INFO] Exclude: src/main/resources/static/js/**/*.js >> [INFO] Exclude: src/main/resources/docs.cfg [INFO] Exclude: >> src/main/webapp/fonts/**/* [INFO] 5 resources included (use -debug for >> more details) [INFO] Rat check: Summary over all files. Unapproved: 0, >> unknown: 0, generated: 0, approved: 4 licenses. >> [INFO] >> [INFO] --- maven-jar-plugin:3.1.0:jar (default-jar) @ >> struts2-portlet-tiles-plugin --- [INFO] Building jar: >> <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/ >> plugins/portlet-tiles/target/struts2-portlet-tiles-plugin-2.6-SNAPSHOT >> .jar> >> [INFO] >> [INFO] >>> maven-source-plugin:3.0.1:jar (attach-sources) > >> generate-sources @ struts2-portlet-tiles-plugin >>> [INFO] [INFO] --- >> maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ >> struts2-portlet-tiles-plugin --- [INFO] [INFO] <<< >> maven-source-plugin:3.0.1:jar (attach-sources) < generate-sources @ >> struts2-portlet-tiles-plugin <<< [INFO] [INFO] [INFO] --- >> maven-source-plugin:3.0.1:jar (attach-sources) @ >> struts2-portlet-tiles-plugin --- [INFO] Building jar: >> <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/ >> plugins/portlet-tiles/target/struts2-portlet-tiles-plugin-2.6-SNAPSHOT >> -sources.jar> >> [INFO] >> [INFO] --- maven-site-plugin:3.7.1:attach-descriptor >> (attach-descriptor) @ struts2-portlet-tiles-plugin --- [INFO] Skipping >> because >packaging 'jar' is not pom. >> [INFO] >> [INFO] --- dependency-check-maven:4.0.2:check (default) @ >> struts2-portlet-tiles-plugin --- [INFO] Central analyzer disabled >> [INFO] Checking for updates [INFO] Skipping NVD check since last check >> was within 4 hours. >> [INFO] Skipping RetireJS update since last update was within 24 hours. >> [INFO] Check for updates complete (7 ms) [INFO] Analysis Started >> [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name >> Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] >> Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished >> Version Filter Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 >> seconds) [INFO] Created CPE Index (0 seconds) [INFO] Skipping CPE >> Analysis for npm [INFO] Finished CPE Analyzer (0 seconds) [INFO] >> Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE >> Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression >> Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 >> seconds) [INFO] Analysis Complete (1 seconds) [WARNING] >> >> One or more dependencies were identified with known vulnerabilities in >> Struts 2 >Portlet Tiles Plugin: >> >> tiles-ognl-3.0.8.jar (cpe:/a:ognl_project:ognl:3.0.8, >> cpe:/a:apache:tiles:3.0.8, org.apache.tiles:tiles-ognl:3.0.8) : >> CVE-2016-3093 >> >> >> See the dependency-check report for more details. >> >> >> [INFO] >> [INFO] -------------< org.apache.struts:struts2-sitegraph-plugin >> >------------- >> [INFO] Building DEPRECATED: Struts 2 Sitegraph Plugin 2.6-SNAPSHOT >[31/36] >> [INFO] --------------------------------[ jar >> ]--------------------------------- >> [INFO] >> [INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) >> @ struts2-sitegraph-plugin --- [INFO] [INFO] --- >> maven-remote-resources-plugin:1.5:process (process-resource-bundles) @ >> struts2-sitegraph-plugin --- [INFO] [INFO] --- >> maven-resources-plugin:3.1.0:resources (default-resources) @ >> struts2-sitegraph-plugin --- [INFO] Using 'UTF-8' encoding to copy filtered >resources. >> [INFO] Copying 3 resources >> [INFO] Copying 3 resources >> [INFO] >> [INFO] --- maven-compiler-plugin:3.7.0:compile (default-compile) @ >> struts2-sitegraph-plugin --- [INFO] Changes detected - recompiling the >> module! >> [INFO] Compiling 18 source files to >> <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/ >> plugins/sitegraph/target/classes> [INFO] >> <https://builds.apache.org/job/Struts-master-JDK8-dependency- >check/ws/plugins/sitegraph/src/main/java/org/apache/struts2/Main.java>: ><https://builds.apache.org/job/Struts-master-JDK8-dependency- >check/ws/plugins/sitegraph/src/main/java/org/apache/struts2/Main.java> uses >unchecked or unsafe operations. >> [INFO] <https://builds.apache.org/job/Struts-master-JDK8-dependency- >check/ws/plugins/sitegraph/src/main/java/org/apache/struts2/Main.java>: >Recompile with -Xlint:unchecked for details. >> [INFO] >> [INFO] --- maven-bundle-plugin:3.5.0:manifest (bundle-manifest) @ >> struts2-sitegraph-plugin --- [INFO] [INFO] --- >> maven-resources-plugin:3.1.0:testResources (default-testResources) @ >> struts2-sitegraph-plugin --- [INFO] Using 'UTF-8' encoding to copy filtered >resources. >> [INFO] Copying 6 resources >> [INFO] Copying 3 resources >> [INFO] >> [INFO] --- maven-compiler-plugin:3.7.0:testCompile >> (default-testCompile) @ struts2-sitegraph-plugin --- [INFO] Changes detected >> - >recompiling the module! >> [INFO] Compiling 1 source file to >> <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/ >> plugins/sitegraph/target/test-classes> >> [INFO] >> [INFO] --- maven-surefire-plugin:2.22.1:test (default-test) @ >> struts2-sitegraph-plugin --- [INFO] [INFO] >> ------------------------------------------------------- >> [INFO] T E S T S >> [INFO] ------------------------------------------------------- >> [INFO] Running org.apache.struts2.sitegraph.SiteGraphTest >> ERROR StatusLogger Log4j2 could not find a logging implementation. Please >add log4j-core to the classpath. Using SimpleLogger to log to the console... >> [INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: >> 0.741 s - in org.apache.struts2.sitegraph.SiteGraphTest >> [INFO] >> [INFO] Results: >> [INFO] >> [INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0 [INFO] [INFO] >> [INFO] --- apache-rat-plugin:0.12:check (default) @ >> struts2-sitegraph-plugin --- [INFO] Added 1 additional default licenses. >> [INFO] Added 1 custom approved licenses. >> [INFO] Will parse SCM ignores for exclusions... >> [INFO] Finished adding exclusions from SCM ignore files. >> [INFO] 61 implicit excludes (use -debug for more details). >> [INFO] Exclude: Jenkinsfile >> [INFO] Exclude: src/main/groovy/Jenkinsfile.gdsl [INFO] Exclude: >> src/main/resources/org/apache/struts2/static/domTT.js >> [INFO] Exclude: src/site/resources/tags/**/*.html [INFO] Exclude: >> src/main/resources/*LICENSE.txt [INFO] Exclude: >> src/test/resources/**/*.txt [INFO] Exclude: src/main/webapp/**/*.css >> [INFO] Exclude: src/main/webapp/**/*.map [INFO] Exclude: >> src/main/webapp/**/*.js [INFO] Exclude: src/main/webapp/**/*.svg >> [INFO] Exclude: src/main/webapp/**/*.txt [INFO] Exclude: >> src/main/resources/**/sitegraph-usage.txt >> [INFO] Exclude: src/main/resources/**/docs-urls.txt >> [INFO] Exclude: src/etc/header.txt >> [INFO] Exclude: src/main/resources/static/css/**/*.css >> [INFO] Exclude: src/main/resources/static/js/**/*.js >> [INFO] Exclude: src/main/resources/docs.cfg [INFO] Exclude: >> src/main/webapp/fonts/**/* [INFO] 27 resources included (use -debug >> for more details) [INFO] Rat check: Summary over all files. >> Unapproved: 0, unknown: 0, generated: 0, approved: 26 licenses. >> [INFO] >> [INFO] --- maven-jar-plugin:3.1.0:jar (default-jar) @ >> struts2-sitegraph-plugin --- [INFO] Building jar: >> <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/ >> plugins/sitegraph/target/struts2-sitegraph-plugin-2.6-SNAPSHOT.jar> >> [INFO] >> [INFO] >>> maven-source-plugin:3.0.1:jar (attach-sources) > >> generate-sources @ struts2-sitegraph-plugin >>> [INFO] [INFO] --- >> maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ >> struts2-sitegraph-plugin --- [INFO] [INFO] <<< >> maven-source-plugin:3.0.1:jar (attach-sources) < generate-sources @ >> struts2-sitegraph-plugin <<< [INFO] [INFO] [INFO] --- >> maven-source-plugin:3.0.1:jar (attach-sources) @ >> struts2-sitegraph-plugin --- [INFO] Building jar: >> <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/ >> plugins/sitegraph/target/struts2-sitegraph-plugin-2.6-SNAPSHOT-sources >> .jar> >> [INFO] >> [INFO] --- maven-site-plugin:3.7.1:attach-descriptor >> (attach-descriptor) @ struts2-sitegraph-plugin --- [INFO] Skipping because >packaging 'jar' is not pom. >> [INFO] >> [INFO] --- dependency-check-maven:4.0.2:check (default) @ >> struts2-sitegraph-plugin --- [INFO] Central analyzer disabled [INFO] >> Checking for updates [INFO] Skipping NVD check since last check was >> within 4 hours. >> [INFO] Skipping RetireJS update since last update was within 24 hours. >> [INFO] Check for updates complete (7 ms) [INFO] Analysis Started >> [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name >> Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] >> Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished >> Version Filter Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 >> seconds) [INFO] Created CPE Index (0 seconds) [INFO] Skipping CPE >> Analysis for npm [INFO] Finished CPE Analyzer (0 seconds) [INFO] >> Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE >> Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression >> Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 >> seconds) [INFO] Analysis Complete (1 seconds) [WARNING] >> >> One or more dependencies were identified with known vulnerabilities in >DEPRECATED: Struts 2 Sitegraph Plugin: >> >> org.mortbay.jetty-5.1.4.jar (jetty:org.mortbay.jetty:5.1.4, >> cpe:/a:mortbay_jetty:jetty:5.1.4, cpe:/a:mortbay:jetty:5.1.4, >> cpe:/a:jetty:jetty:5.1.4) : CVE-2011-4461, CVE-2009-1524, >> CVE-2009-1523, CVE-2005-3747, CVE-2007-5615 jasper-compiler-5.5.12.jar >> (cpe:/a:apache:tomcat:5.5.12, >> cpe:/a:apache_software_foundation:tomcat:5.5.12, >> cpe:/a:jasper_project:jasper:5.5.12, tomcat:jasper-compiler:5.5.12) : >> CVE-2007-6286, CVE-2009-3548, CVE-2010-1157, CVE-2014-0096, >> CVE-2009-0033, CVE-2014-0099, CVE-2008-4308, CVE-2008-5519, >> CVE-2009-2693, CVE-2017-6056, CVE-2012-5568, CVE-2012-5887, >> CVE-2012-5885, CVE-2011-2526, CVE-2012-5886, CVE-2008-2370, >> CVE-2013-6357, CVE-2006-3835, CVE-2011-2204, CVE-2007-5342, >> CVE-2008-1947, CVE-2007-0450, CVE-2011-3190, CVE-2008-5515, >> CVE-2007-1858, CVE-2016-6325, CVE-2008-1232, CVE-2014-0119, >> CVE-2010-2227, CVE-2011-5063, CVE-2011-5062, CVE-2014-0075, >> CVE-2008-0128, CVE-2011-1184, CVE-2011-5064, CVE-2010-3718, >> CVE-2007-5333, CVE-2006-7195, CVE-2013-4590, CVE-2006-7196, >> CVE-2016-5425, CVE-2009-2901, CVE-2009-2902, CVE-2009-0783, >> CVE-2009-0781, CVE-2007-3385, CVE-2007-2450, CVE-2007-3382, >> CVE-2007-3386, CVE-2009-0580, CVE-2012-0022, CVE-2007-2449, >> CVE-2013-4322, CVE-2011-0013, CVE-2013-4444, CVE-2013-4286, >> CVE-2013-2185 jasper-runtime-5.5.12.jar (tomcat:jasper-runtime:5.5.12, >> cpe:/a:apache:tomcat:5.5.12, >> cpe:/a:apache_software_foundation:tomcat:5.5.12, >> cpe:/a:jasper_project:jasper:5.5.12) : CVE-2007-6286, CVE-2009-3548, >> CVE-2010-1157, CVE-2014-0096, CVE-2009-0033, CVE-2014-0099, >> CVE-2008-4308, CVE-2008-5519, CVE-2009-2693, CVE-2017-6056, >> CVE-2012-5568, CVE-2012-5887, CVE-2012-5885, CVE-2011-2526, >> CVE-2012-5886, CVE-2008-2370, CVE-2013-6357, CVE-2006-3835, >> CVE-2011-2204, CVE-2007-5342, CVE-2008-1947, CVE-2007-0450, >> CVE-2011-3190, CVE-2008-5515, CVE-2007-1858, CVE-2016-6325, >> CVE-2008-1232, CVE-2014-0119, CVE-2010-2227, CVE-2011-5063, >> CVE-2011-5062, CVE-2014-0075, CVE-2008-0128, CVE-2011-1184, >> CVE-2011-5064, CVE-2010-3718, CVE-2007-5333, CVE-2006-7195, >> CVE-2013-4590, CVE-2006-7196, CVE-2016-5425, CVE-2009-2901, >> CVE-2009-2902, CVE-2009-0783, CVE-2009-0781, CVE-2007-3385, >> CVE-2007-2450, CVE-2007-3382, CVE-2007-3386, CVE-2009-0580, >> CVE-2012-0022, CVE-2007-2449, CVE-2013-4322, CVE-2011-0013, >> CVE-2013-4444, CVE-2013-4286, CVE-2013-2185 >> >> >> See the dependency-check report for more details. >> >> >> [INFO] >> ---------------------------------------------------------------------- >> -- [INFO] Reactor Summary for Struts 2 2.6-SNAPSHOT: >> [INFO] >> [INFO] Struts 2 Bill of Materials ......................... SUCCESS [ >> 1.311 s] [INFO] Struts 2 ........................................... >> SUCCESS [03:30 min] [INFO] Struts 2 Core >> ...................................... SUCCESS [01:29 min] [INFO] >> Struts 2 Plugins ................................... SUCCESS [ 2.307 >> s] [INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS >> [ 2.663 s] [INFO] Struts 2 Sitemesh Plugin >> ........................... SUCCESS [ 3.123 s] [INFO] Struts 2 Tiles >> Plugin .............................. SUCCESS [ 4.475 s] [INFO] >> Struts 2 DWR Plugin ................................ SUCCESS [ 2.623 >> s] [INFO] Struts 2 Spring Plugin ............................. SUCCESS >> [ 4.578 s] [INFO] Struts 2 Convention Plugin >> ......................... SUCCESS [ 9.642 s] [INFO] Struts 2 JUnit >> Plugin .............................. SUCCESS [ 7.375 s] [INFO] >> Struts 2 JSON Plugin ............................... SUCCESS [ 8.108 >> s] [INFO] Struts 2 Bean Validation Plugin .................... SUCCESS >> [ 4.799 s] [INFO] Struts 2 Async Plugin >> .............................. SUCCESS [ 3.717 s] [INFO] Struts 2 >> Webapps ................................... SUCCESS [ 2.952 s] [INFO] >> Struts 2 Showcase Webapp ........................... SUCCESS [ 50.391 >> s] [INFO] Struts 2 REST Plugin ............................... SUCCESS >> [ 5.658 s] [INFO] Struts 2 Rest Showcase Webapp >> ...................... SUCCESS [ 3.064 s] [INFO] Struts 2 CDI Plugin >> ................................ SUCCESS [ 4.243 s] [INFO] >> DEPRECATED: Struts 2 Embedded JSP Plugin ........... SUCCESS [ 8.846 >> s] [INFO] Struts 2 GXP Plugin ................................ SUCCESS >> [ 2.715 s] [INFO] Struts 2 Jasper Reports Plugin >> ..................... SUCCESS [ 6.386 s] [INFO] Struts 2 Java >> Templates Plugin ..................... SUCCESS [ 3.843 s] [INFO] >> Struts 2 JFreeChart Plugin ......................... SUCCESS [ 5.191 >> s] [INFO] Struts 2 OSGi Plugin ............................... SUCCESS >> [ 4.481 s] [INFO] Struts 2 OVal Plugin >> ............................... SUCCESS [ 5.519 s] [INFO] Struts 2 >> Pell Multipart Plugin ..................... SUCCESS [ 3.345 s] [INFO] >> Struts 2 Plexus Plugin ............................. SUCCESS [ 2.621 >> s] [INFO] Struts 2 Portlet Plugin ............................ SUCCESS >> [ 7.886 s] [INFO] Struts 2 Portlet Tiles Plugin >> ...................... SUCCESS [ 2.891 s] [INFO] DEPRECATED: Struts 2 >> Sitegraph Plugin .............. FAILURE [ 6.757 s] [INFO] Struts 2 >> TestNG Plugin ............................. SKIPPED [INFO] Struts 2 >> OSGi Bundles .............................. SKIPPED [INFO] Struts 2 >> OSGi Admin Bundle ......................... SKIPPED [INFO] Struts 2 >> OSGi Demo Bundle .......................... SKIPPED [INFO] Struts 2 >> Assembly .................................. SKIPPED [INFO] >> ---------------------------------------------------------------------- >> -- >> [INFO] BUILD FAILURE >> [INFO] >> ---------------------------------------------------------------------- >> -- >> [INFO] Total time: 08:03 min >> [INFO] Finished at: 2019-02-05T09:30:18Z [INFO] >> ---------------------------------------------------------------------- >> -- [ERROR] Failed to execute goal >> org.owasp:dependency-check-maven:4.0.2:check (default) on project struts2- >sitegraph-plugin: >> [ERROR] >> [ERROR] One or more dependencies were identified with vulnerabilities that >have a CVSS score greater than or equal to '7.0': >> [ERROR] >> [ERROR] jasper-compiler-5.5.12.jar: CVE-2009-3548, CVE-2011-3190, >> CVE-2016-6325, CVE-2016-5425, CVE-2013-2185 [ERROR] >> jasper-runtime-5.5.12.jar: CVE-2009-3548, CVE-2011-3190, >> CVE-2016-6325, CVE-2016-5425, CVE-2013-2185 [ERROR] [ERROR] See the >dependency-check report for more details. >> [ERROR] >> [ERROR] >> [ERROR] -> [Help 1] >> [ERROR] >> [ERROR] To see the full stack trace of the errors, re-run Maven with the -e >switch. >> [ERROR] Re-run Maven using the -X switch to enable full debug logging. >> [ERROR] >> [ERROR] For more information about the errors and possible solutions, please >read the following articles: >> [ERROR] [Help 1] >> http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException >> [ERROR] >> [ERROR] After correcting the problems, you can resume the build with the >command >> [ERROR] mvn <goals> -rf :struts2-sitegraph-plugin >> Build step 'Execute shell' marked build as failure [locks-and-latches] >> Releasing all the locks [locks-and-latches] All the locks released >> Setting MAVEN_3_LATEST__HOME=/home/jenkins/tools/maven/latest3/ >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For >> additional commands, e-mail: dev-h...@struts.apache.org >> > >--------------------------------------------------------------------- >To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional >commands, e-mail: dev-h...@struts.apache.org
