Had to look it up, owasp stands for "Open Web Application Security Project".
1) we make use of a "dependency-check-maven" plugin version 3.2.1. I am starting to suspect the above bundles are either baked in, or come from a json feed, consumed by this plugin. 2) dependency-check-maven configured here: https://github.com/geoserver/geoserver/blob/master/build/qa/dependency-check-suppression.xml The latest version of the plugin is 5.3.0, since these fail at the moment there is probably no harm in upgrading? -- Jody Garnett On Sat, 7 Mar 2020 at 11:58, Jody Garnett <jody.garn...@gmail.com> wrote: > I am setting up a new round of builds for 2.17.x and turning off 2.15 > builds, and noticed a couple unhappy builds that could use a look: > > geotools-master-owasp > <https://build.geoserver.org/view/geotools/job/geotools-master-owasp/> > > [ERROR] IO Exception connecting to > https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2015.xml.gz: GET > request returned a non-200 status code: > https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2015.xml.gz > > > geotools-master-owasp-check > <https://build.geoserver.org/view/geotools/job/geotools-master-owasp-check/> > > [ERROR] IO Exception connecting to > https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2009.xml.gz: HEAD > request returned a non-200 status code: > https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2009.xml.gz > > > > geoserver-master-owasp-check > <https://build.geoserver.org/view/geoserver/job/geoserver-master-owasp-check/> > > [ERROR] IO Exception connecting to > https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2008.xml.gz: HEAD > request returned a non-200 status code: > https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-2008.xml.gz > > > The last successful one of these owasp builds is from August 8th 2019 > -- > Jody Garnett >
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
