Maybe this needs better documentation, however this is a “works as designed” feature!
To avoid the build failing, run mvn package -Dossindex.fail=false This caught me as well the first time, I wonder if there was a nice way of giving a helpful error message? > On Apr 6, 2020, at 2:19 AM, lewis john mcgibbney <[email protected]> wrote: > > I'm also seeing a depreciation notice for the ossindex-maven-plugin as well > > https://github.com/OSSIndex/ossindex-maven-plugin#deprecated-please-upgrade-to-ossindex-maven > > Any info please folks? > Thanks > > On Sun, Apr 5, 2020 at 11:14 PM lewis john mcgibbney <[email protected]> > wrote: > >> Hi dev@, >> Working on TIKA-3082, I just tried to build master branch >> >> Downgrading my Java version to 1.8 >> java -version >> java version "1.8.0_221" >> Java(TM) SE Runtime Environment (build 1.8.0_221-b11) >> Java HotSpot(TM) 64-Bit Server VM (build 25.221-b11, mixed mode) >> >> [INFO] --- ossindex-maven-plugin:3.1.0:audit (audit-dependencies) @ >> tika-parsers --- >> [INFO] Checking for vulnerabilities; 154 artifacts >> [INFO] Exclude coordinates: [] >> [INFO] Exclude vulnerability identifiers: [] >> [INFO] CVSS-score threshold: 0.0 >> [INFO] >> ------------------------------------------------------------------------ >> [INFO] Reactor Summary for Apache Tika 2.0.0-SNAPSHOT: >> [INFO] >> [INFO] Apache Tika parent ................................. SUCCESS [ >> 2.663 s] >> [INFO] Apache Tika core ................................... SUCCESS [ >> 10.059 s] >> [INFO] Apache Tika parsers ................................ FAILURE [ >> 4.035 s] >> [INFO] Apache Tika OSGi bundle ............................ SKIPPED >> [INFO] Apache Tika XMP .................................... SKIPPED >> [INFO] Apache Tika serialization .......................... SKIPPED >> [INFO] Apache Tika batch .................................. SKIPPED >> [INFO] Apache Tika language detection ..................... SKIPPED >> [INFO] Apache Tika application ............................ SKIPPED >> [INFO] Apache Tika translate .............................. SKIPPED >> [INFO] Apache Tika server ................................. SKIPPED >> [INFO] Apache Tika fuzzing ................................ SKIPPED >> [INFO] Apache Tika eval ................................... SKIPPED >> [INFO] Apache Tika examples ............................... SKIPPED >> [INFO] Apache Tika Java-7 Components ...................... SKIPPED >> [INFO] Apache Tika Deep Learning (powered by DL4J) ........ SKIPPED >> [INFO] Apache Tika Natural Language Processing ............ SKIPPED >> [INFO] Apache Tika ........................................ SKIPPED >> [INFO] >> ------------------------------------------------------------------------ >> [INFO] BUILD FAILURE >> [INFO] >> ------------------------------------------------------------------------ >> [INFO] Total time: 17.641 s >> [INFO] Finished at: 2020-04-05T23:08:02-07:00 >> [INFO] >> ------------------------------------------------------------------------ >> [ERROR] Failed to execute goal >> org.sonatype.ossindex.maven:ossindex-maven-plugin:3.1.0:audit >> (audit-dependencies) on project tika-parsers: Detected 2 vulnerable >> components: >> [ERROR] org.apache.cxf:cxf-core:jar:3.3.5:compile; >> https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/[email protected] >> [ERROR] * [CVE-2020-1954] Apache CXF has the ability to integrate with >> JMX by registering an Instrumentati... (5.3); >> https://ossindex.sonatype.org/vuln/20bc51e8-29c6-4168-9326-ae0ed18e5d51 >> [ERROR] org.apache.cxf:cxf-rt-frontend-jaxrs:jar:3.3.5:compile; >> https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/[email protected] >> [ERROR] * [CVE-2020-1954] Apache CXF has the ability to integrate with >> JMX by registering an Instrumentati... (5.3); >> https://ossindex.sonatype.org/vuln/20bc51e8-29c6-4168-9326-ae0ed18e5d51 >> [ERROR] >> [ERROR] -> [Help 1] >> [ERROR] >> [ERROR] To see the full stack trace of the errors, re-run Maven with the >> -e switch. >> [ERROR] Re-run Maven using the -X switch to enable full debug logging. >> [ERROR] >> [ERROR] For more information about the errors and possible solutions, >> please read the following articles: >> [ERROR] [Help 1] >> http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException >> [ERROR] >> [ERROR] After correcting the problems, you can resume the build with the >> command >> [ERROR] mvn <goals> -rf :tika-parsers >> >> Is anyone else experiencing this issue? I can't imagine I'm the only >> one...! >> Thanks >> Lewis >> >> -- >> http://home.apache.org/~lewismc/ >> http://people.apache.org/keys/committer/lewismc >> > > > -- > http://home.apache.org/~lewismc/ > http://people.apache.org/keys/committer/lewismc _______________________ Eric Pugh | Founder & CEO | OpenSource Connections, LLC | 434.466.1467 | http://www.opensourceconnections.com <http://www.opensourceconnections.com/> | My Free/Busy <http://tinyurl.com/eric-cal> Co-Author: Apache Solr Enterprise Search Server, 3rd Ed <https://www.packtpub.com/big-data-and-business-intelligence/apache-solr-enterprise-search-server-third-edition-raw> This e-mail and all contents, including attachments, is considered to be Company Confidential unless explicitly stated otherwise, regardless of whether attachments are marked as such.
