See <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/212/display/redirect>
Changes: ------------------------------------------ [...truncated 724.79 KB...] [INFO] [INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0 [INFO] [INFO] [INFO] --- jetty-maven-plugin:8.1.16.v20140903:stop (stop-jetty) @ struts2-showcase --- [INFO] [INFO] --- dependency-check-maven:4.0.2:check (default) @ struts2-showcase --- [INFO] Central analyzer disabled [INFO] Checking for updates [INFO] Skipping NVD check since last check was within 4 hours. [INFO] Skipping RetireJS update since last update was within 24 hours. [INFO] Check for updates complete (24 ms) [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) [INFO] Skipping CPE Analysis for npm [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Analysis Complete (3 seconds) [WARNING] One or more dependencies were identified with known vulnerabilities in Struts 2 Showcase Webapp: tiles-ognl-3.0.8.jar (cpe:/a:ognl_project:ognl:3.0.8, cpe:/a:apache:tiles:3.0.8, org.apache.tiles:tiles-ognl:3.0.8) : CVE-2016-3093 sitemesh-2.4.2.jar (cpe:/a:mesh_project:mesh:2.4.2, opensymphony:sitemesh:2.4.2) : CVE-2018-10769 See the dependency-check report for more details. [INFO] [INFO] --- maven-failsafe-plugin:2.22.1:verify (verify) @ struts2-showcase --- [INFO] [INFO] ---------------< org.apache.struts:struts2-rest-plugin >---------------- [INFO] Building Struts 2 REST Plugin 2.6-SNAPSHOT [17/35] [INFO] --------------------------------[ jar ]--------------------------------- [INFO] [INFO] --- maven-enforcer-plugin:3.0.0-M2:enforce (enforce) @ struts2-rest-plugin --- [INFO] [INFO] --- maven-enforcer-plugin:3.0.0-M2:enforce (enforce-maven-version) @ struts2-rest-plugin --- [INFO] [INFO] --- maven-remote-resources-plugin:1.5:process (process-resource-bundles) @ struts2-rest-plugin --- [INFO] [INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ struts2-rest-plugin --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] Copying 4 resources [INFO] Copying 3 resources [INFO] [INFO] --- maven-compiler-plugin:3.7.0:compile (default-compile) @ struts2-rest-plugin --- [INFO] Changes detected - recompiling the module! [INFO] Compiling 24 source files to <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/rest/target/classes> [INFO] <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/rest/src/main/java/org/apache/struts2/rest/handler/AbstractContentTypeHandler.java>: Some input files use or override a deprecated API. [INFO] <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/rest/src/main/java/org/apache/struts2/rest/handler/AbstractContentTypeHandler.java>: Recompile with -Xlint:deprecation for details. [INFO] [INFO] --- maven-bundle-plugin:3.5.0:manifest (bundle-manifest) @ struts2-rest-plugin --- [INFO] [INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ struts2-rest-plugin --- [INFO] Using 'UTF-8' encoding to copy filtered resources. [INFO] skip non existing resourceDirectory <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/rest/src/test/resources> [INFO] Copying 3 resources [INFO] [INFO] --- maven-compiler-plugin:3.7.0:testCompile (default-testCompile) @ struts2-rest-plugin --- [INFO] Changes detected - recompiling the module! [INFO] Compiling 11 source files to <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/rest/target/test-classes> [INFO] <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/rest/src/test/java/org/apache/struts2/rest/handler/Contact.java>: Some input files use unchecked or unsafe operations. [INFO] <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/rest/src/test/java/org/apache/struts2/rest/handler/Contact.java>: Recompile with -Xlint:unchecked for details. [INFO] [INFO] --- maven-surefire-plugin:2.22.1:test (default-test) @ struts2-rest-plugin --- [INFO] [INFO] ------------------------------------------------------- [INFO] T E S T S [INFO] ------------------------------------------------------- [INFO] Running org.apache.struts2.rest.RestWorkflowInterceptorTest ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath. Using SimpleLogger to log to the console... [INFO] Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.148 s - in org.apache.struts2.rest.RestWorkflowInterceptorTest [INFO] Running org.apache.struts2.rest.DefaultHttpHeadersTest [INFO] Tests run: 15, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.228 s - in org.apache.struts2.rest.DefaultHttpHeadersTest [INFO] Running org.apache.struts2.rest.RestActionMapperTest [INFO] Tests run: 26, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.04 s - in org.apache.struts2.rest.RestActionMapperTest [INFO] Running org.apache.struts2.rest.handler.JacksonJsonHandlerTest [INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.431 s - in org.apache.struts2.rest.handler.JacksonJsonHandlerTest [INFO] Running org.apache.struts2.rest.handler.JuneauXmlHandlerTest [INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.357 s - in org.apache.struts2.rest.handler.JuneauXmlHandlerTest [INFO] Running org.apache.struts2.rest.handler.JacksonXmlHandlerTest [INFO] Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.152 s - in org.apache.struts2.rest.handler.JacksonXmlHandlerTest [INFO] Running org.apache.struts2.rest.RestActionInvocationTest [INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.237 s - in org.apache.struts2.rest.RestActionInvocationTest [INFO] Running org.apache.struts2.rest.DefaultContentTypeHandlerManagerTest [INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.113 s - in org.apache.struts2.rest.DefaultContentTypeHandlerManagerTest [INFO] Running org.apache.struts2.rest.ContentTypeHandlerManagerTest [INFO] Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.011 s - in org.apache.struts2.rest.ContentTypeHandlerManagerTest [INFO] [INFO] Results: [INFO] [INFO] Tests run: 68, Failures: 0, Errors: 0, Skipped: 0 [INFO] [INFO] [INFO] --- apache-rat-plugin:0.12:check (default) @ struts2-rest-plugin --- [INFO] Added 1 additional default licenses. [INFO] Added 1 custom approved licenses. [INFO] Will parse SCM ignores for exclusions... [INFO] Finished adding exclusions from SCM ignore files. [INFO] 61 implicit excludes (use -debug for more details). [INFO] Exclude: Jenkinsfile [INFO] Exclude: src/main/groovy/Jenkinsfile.gdsl [INFO] Exclude: src/main/resources/org/apache/struts2/static/domTT.js [INFO] Exclude: src/site/resources/tags/**/*.html [INFO] Exclude: src/main/resources/*LICENSE.txt [INFO] Exclude: src/test/resources/**/*.txt [INFO] Exclude: src/main/webapp/**/*.css [INFO] Exclude: src/main/webapp/**/*.map [INFO] Exclude: src/main/webapp/**/*.js [INFO] Exclude: src/main/webapp/**/*.svg [INFO] Exclude: src/main/webapp/**/*.txt [INFO] Exclude: src/main/resources/**/docs-urls.txt [INFO] Exclude: src/etc/header.txt [INFO] Exclude: src/main/resources/static/css/**/*.css [INFO] Exclude: src/main/resources/static/js/**/*.js [INFO] Exclude: src/main/resources/docs.cfg [INFO] Exclude: src/main/webapp/fonts/**/* [INFO] 39 resources included (use -debug for more details) [INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved: 38 licenses. [INFO] [INFO] --- maven-jar-plugin:3.1.0:jar (default-jar) @ struts2-rest-plugin --- [INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/rest/target/struts2-rest-plugin-2.6-SNAPSHOT.jar> [INFO] [INFO] >>> maven-source-plugin:3.0.1:jar (attach-sources) > generate-sources @ struts2-rest-plugin >>> [INFO] [INFO] --- maven-enforcer-plugin:3.0.0-M2:enforce (enforce) @ struts2-rest-plugin --- [INFO] [INFO] --- maven-enforcer-plugin:3.0.0-M2:enforce (enforce-maven-version) @ struts2-rest-plugin --- [INFO] [INFO] <<< maven-source-plugin:3.0.1:jar (attach-sources) < generate-sources @ struts2-rest-plugin <<< [INFO] [INFO] [INFO] --- maven-source-plugin:3.0.1:jar (attach-sources) @ struts2-rest-plugin --- [INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK8-dependency-check/ws/plugins/rest/target/struts2-rest-plugin-2.6-SNAPSHOT-sources.jar> [INFO] [INFO] --- maven-site-plugin:3.7.1:attach-descriptor (attach-descriptor) @ struts2-rest-plugin --- [INFO] Skipping because packaging 'jar' is not pom. [INFO] [INFO] --- dependency-check-maven:4.0.2:check (default) @ struts2-rest-plugin --- [INFO] Central analyzer disabled [INFO] Checking for updates [INFO] Skipping NVD check since last check was within 4 hours. [INFO] Skipping RetireJS update since last update was within 24 hours. [INFO] Check for updates complete (17 ms) [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) [INFO] Skipping CPE Analysis for npm [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Analysis Complete (2 seconds) [WARNING] One or more dependencies were identified with known vulnerabilities in Struts 2 REST Plugin: jackson-databind-2.9.9.3.jar (cpe:/a:fasterxml:jackson-databind:2.9.9.3, cpe:/a:fasterxml:jackson:2.9.9.3, com.fasterxml.jackson.core:jackson-databind:2.9.9.3) : CVE-2019-16335, CVE-2019-14540 jackson-dataformat-xml-2.9.9.jar (cpe:/a:fasterxml:jackson:2.9.9, com.fasterxml.jackson.dataformat:jackson-dataformat-xml:2.9.9, cpe:/a:fasterxml:jackson-databind:2.9.9) : CVE-2019-14379, CVE-2019-16335, CVE-2019-12814, CVE-2019-14439, CVE-2019-14540, CVE-2019-12384 See the dependency-check report for more details. [INFO] ------------------------------------------------------------------------ [INFO] Reactor Summary for Struts 2 2.6-SNAPSHOT: [INFO] [INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 2.209 s] [INFO] Struts 2 ........................................... SUCCESS [30:58 min] [INFO] Struts 2 Core ...................................... SUCCESS [02:54 min] [INFO] Struts 2 Plugins ................................... SUCCESS [ 5.188 s] [INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [ 5.725 s] [INFO] Struts 2 Sitemesh Plugin ........................... SUCCESS [ 6.993 s] [INFO] Struts 2 Tiles Plugin .............................. SUCCESS [ 8.949 s] [INFO] Struts 2 DWR Plugin ................................ SUCCESS [ 5.293 s] [INFO] Struts 2 Spring Plugin ............................. SUCCESS [ 7.878 s] [INFO] Struts 2 Convention Plugin ......................... SUCCESS [ 16.866 s] [INFO] Struts 2 JUnit Plugin .............................. SUCCESS [ 11.887 s] [INFO] Struts 2 JSON Plugin ............................... SUCCESS [ 14.752 s] [INFO] Struts 2 Bean Validation Plugin .................... SUCCESS [ 10.447 s] [INFO] Struts 2 Async Plugin .............................. SUCCESS [ 6.560 s] [INFO] Struts 2 Webapps ................................... SUCCESS [ 5.017 s] [INFO] Struts 2 Showcase Webapp ........................... SUCCESS [01:27 min] [INFO] Struts 2 REST Plugin ............................... FAILURE [ 12.958 s] [INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED [INFO] Struts 2 CDI Plugin ................................ SKIPPED [INFO] DEPRECATED: Struts 2 Embedded JSP Plugin ........... SKIPPED [INFO] Struts 2 GXP Plugin ................................ SKIPPED [INFO] Struts 2 Jasper Reports Plugin ..................... SKIPPED [INFO] Struts 2 Java Templates Plugin ..................... SKIPPED [INFO] Struts 2 JFreeChart Plugin ......................... SKIPPED [INFO] Struts 2 OSGi Plugin ............................... SKIPPED [INFO] Struts 2 OVal Plugin ............................... SKIPPED [INFO] Struts 2 Pell Multipart Plugin ..................... SKIPPED [INFO] Struts 2 Plexus Plugin ............................. SKIPPED [INFO] Struts 2 Portlet Plugin ............................ SKIPPED [INFO] Struts 2 Portlet Tiles Plugin ...................... SKIPPED [INFO] Struts 2 TestNG Plugin ............................. SKIPPED [INFO] Struts 2 OSGi Bundles .............................. SKIPPED [INFO] Struts 2 OSGi Admin Bundle ......................... SKIPPED [INFO] Struts 2 OSGi Demo Bundle .......................... SKIPPED [INFO] Struts 2 Assembly .................................. SKIPPED [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 37:25 min [INFO] Finished at: 2019-10-06T08:33:26Z [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal org.owasp:dependency-check-maven:4.0.2:check (default) on project struts2-rest-plugin: [ERROR] [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': [ERROR] [ERROR] jackson-databind-2.9.9.3.jar: CVE-2019-16335, CVE-2019-14540 [ERROR] jackson-dataformat-xml-2.9.9.jar: CVE-2019-14379, CVE-2019-16335, CVE-2019-14540 [ERROR] [ERROR] See the dependency-check report for more details. [ERROR] [ERROR] [ERROR] -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException [ERROR] [ERROR] After correcting the problems, you can resume the build with the command [ERROR] mvn <args> -rf :struts2-rest-plugin Build step 'Execute shell' marked build as failure [locks-and-latches] Releasing all the locks [locks-and-latches] All the locks released Setting MAVEN_3_LATEST__HOME=/home/jenkins/tools/maven/latest3/ --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
