“Good” news https://github.com/dependency-check/DependencyCheck/issues/7847
"As documented in other issues - no. There is no Java 8 version of dependency-check that works with the current data feeds/API.” https://github.com/dependency-check/DependencyCheck/issues/7463 "Due to compatibility issues with the NVD API - all users must upgrade to 12.1.0 or later.” Best, Andor > On Aug 15, 2025, at 12:19, Andor Molnar <an...@apache.org> wrote: > > Hi all, > > During the 3.8.5 release process I noticed that I cannot run Owasp dependency > check due to the following parsing error: > > 12:06:36 [ERROR] org.owasp.dependencycheck.data.nvdcve.DatabaseException: > Unable to parse CPE: cpe:2.3:a:f5:nginx unit:*:*:*:*:*:*:*:* > 12:06:36 org.owasp.dependencycheck.data.update.exception.UpdateException: > org.owasp.dependencycheck.data.nvdcve.DatabaseException: Unable to parse CPE: > cpe:2.3:a:f5:nginx unit:*:*:*:*:*:*:*:* > 12:06:36 at > org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles > (ProcessTask.java:157) > 12:06:36 at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call > (ProcessTask.java:114) > 12:06:36 at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call > (ProcessTask.java:41) > 12:06:36 at java.util.concurrent.FutureTask.run (FutureTask.java:266) > 12:06:36 at java.util.concurrent.ThreadPoolExecutor.runWorker > (ThreadPoolExecutor.java:1149) > 12:06:36 at java.util.concurrent.ThreadPoolExecutor$Worker.run > (ThreadPoolExecutor.java:624) > 12:06:36 at java.lang.Thread.run (Thread.java:750) > > Does it ring a bell to anybody? > I’ll try to upgrade Owasp, because we’re using a pretty old version 8.3.1. > Looks like 10.0.4 is the most recent which runs on JDK 8. > > Ticket: https://issues.apache.org/jira/browse/ZOOKEEPER-4960 > > Regards, > Andor > >
