[ https://issues.apache.org/jira/browse/OFBIZ-10700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16782712#comment-16782712 ]
Jacques Le Roux commented on OFBIZ-10700: ----------------------------------------- It works here with [^OWASP-failure.patch] applied {noformat} C:\projectsASF\ofbiz>gradlew -PenableOwasp dependencyCheckAnalyze > Task :dependencyCheckAnalyze Verifying dependencies for project ofbiz Checking for updates and analyzing vulnerabilities for dependencies A new version of dependency-check is available. Consider updating to version 5.0.0.m1. Unable to download pom.xml for org.eclipse.datatools.enablement.postgresql-1.1.1.v201205252207.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for org.apache.batik.transcoder-1.6.0.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for org.apache.batik.xml-1.6.0.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for org.apache.xerces-2.9.0.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for org.eclipse.datatools.modelbase.sql.query-1.1.4.v201212120619.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for Tidy-1.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for org.w3c.css.sac-1.3.0.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for org.eclipse.datatools.connectivity.console.profile-1.0.10.v201109250955.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for org.apache.commons.codec-1.3.0.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for aspectjrt-1.5.3.jar from Central; this could result in undetected CPE/CVEs. Unable to download pom.xml for antlr-2.7.6.jar from Central; this could result in undetected CPE/CVEs. > Task :dependencyCheckAnalyze Generating report for project ofbiz Found 498 vulnerabilities in project ofbiz One or more dependencies were identified with known vulnerabilities: asciidoctorj-1.5.7.jar (cpe:/a:jruby:jruby:1.5.7, org.asciidoctor:asciidoctorj:1.5.7) : CVE-2011-4838, CVE-2012-5370 [...] {noformat} > Use the Gradle Plugin DSL > ------------------------- > > Key: OFBIZ-10700 > URL: https://issues.apache.org/jira/browse/OFBIZ-10700 > Project: OFBiz > Issue Type: Improvement > Components: framework > Affects Versions: Trunk > Reporter: Mathieu Lirzin > Assignee: Mathieu Lirzin > Priority: Minor > Fix For: Upcoming Branch > > Attachments: OFBIZ-10700_Improved-Use-the-Gradle-Plugin-DSL.patch, > OWASP-failure.patch > > > Since Gradle 2.1 it is recommended to use the {{plugins {}}} block for > binary plugins instead of the “traditional” {{apply()}} method. See > [here|https://docs.gradle.org/current/userguide/plugins.html] for more > details. -- This message was sent by Atlassian JIRA (v7.6.3#76005)