Worst case scenario, or if you're building older releases: mvn clean install -Dossindex.skip
On Mon, Apr 22, 2024 at 10:35 AM Nicholas DiPiazza <nicholas.dipia...@gmail.com> wrote:

> thanks I'll pull latest
> appreciate your help.
>
> On Mon, Apr 22, 2024 at 9:30 AM Tilman Hausherr <thaush...@t-online.de> wrote:
>
> > Hi,
> >
> > We look at what the CVE is about. Some CVEs are irrelevant (see recent rant
> > from Tim) and we can add an exclusion in the OSS section. Sometimes all
> > that is needed is to update a dependency or add it in the management
> > section or exclude it (on the assumption that the tests cover everything).
> >
> > About this case: it has been updated in the repository to exclude two
> > threeten versions from OSS.
> >
> > Tilman
> >
> > On 22.04.2024 16:16, Nicholas DiPiazza wrote:
> > > When getting these sorts of errors:
> > >
> > > [ERROR] Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (audit-dependencies) on project tika-dl: Detected 1 vulnerable components:
> > > [ERROR] org.threeten:threetenbp:jar:1.3.3:provided;
> > > https://ossindex.sonatype.org/component/pkg:maven/org.threeten/threetenbp@1.3.3?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
> > > [ERROR] * [CVE-2024-23081] CWE-476: NULL Pointer Dereference (3.7);
> > > https://ossindex.sonatype.org/vulnerability/CVE-2024-23081?component-type=maven&component-name=org.threeten%2Fthreetenbp&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
> > > [ERROR] * [CVE-2024-23082] CWE-190: Integer Overflow or Wraparound (5.3);
> > > https://ossindex.sonatype.org/vulnerability/CVE-2024-23082?component-type=maven&component-name=org.threeten%2Fthreetenbp&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
> > > [ERROR]
> > >
> > > How do you all typically proceed? Do I patch the issue and move on somehow?
> > > How do I get my builds to work now that this error has happened?
> > >
> > > -Nicholas
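
The kind of per-coordinate exclusion Tilman describes, as an added example that is not part of the thread and is not Tika's actual pom.xml: it uses the ossindex-maven-plugin `excludeCoordinates` setting to exempt only the flagged `threetenbp` 1.3.3 coordinate, so the audit keeps failing the build on every other finding (unlike `-Dossindex.skip`, which turns the audit off). The `validate` phase binding and the placement in a parent pom are assumptions; the second threeten version mentioned in the thread is not given there and is left out.

```xml
<!-- Added example: goes under <build><plugins> of the (assumed) parent pom. -->
<plugin>
  <groupId>org.sonatype.ossindex.maven</groupId>
  <artifactId>ossindex-maven-plugin</artifactId>
  <!-- Plugin version and execution id as they appear in the error output above. -->
  <version>3.2.0</version>
  <executions>
    <execution>
      <id>audit-dependencies</id>
      <!-- Assumed phase binding; keep whatever the project already uses. -->
      <phase>validate</phase>
      <goals>
        <goal>audit</goal>
      </goals>
      <configuration>
        <excludeCoordinates>
          <!--
            Reviewed exception: CVE-2024-23081 and CVE-2024-23082 reported
            against org.threeten:threetenbp:1.3.3 (provided scope in tika-dl).
            Pinning the version means a different threetenbp version is
            audited again instead of being silently exempted.
          -->
          <exclude>
            <groupId>org.threeten</groupId>
            <artifactId>threetenbp</artifactId>
            <version>1.3.3</version>
          </exclude>
        </excludeCoordinates>
      </configuration>
    </execution>
  </executions>
</plugin>
```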