See
<https://ci-builds.apache.org/job/Struts/job/Struts-master-dependency-check/232/display/redirect?page=changes>
Changes:
[github] Bump byte-buddy.version from 1.17.1 to 1.17.2
[github] Bump org.apache.maven.doxia:doxia-module-markdown from 1.12.0 to 2.0.0
[github] Bump actions/upload-artifact from 4.6.1 to 4.6.2
[github] Bump github/codeql-action from 3.28.10 to 3.28.15
[github] WW-5544 Marks ReflectionContextFactory as deprecated and uses
ActionContext instead (#1254) (#1255)
------------------------------------------
[...truncated 8.92 KiB...]
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:77)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:569)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
(Launcher.java:255)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch
(Launcher.java:201)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
(Launcher.java:361)
at org.codehaus.plexus.classworlds.launcher.Launcher.main
(Launcher.java:314)
Caused by: io.github.jeremylong.openvulnerability.client.nvd.NvdApiException:
Failed to parse NVD data
at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient._next
(NvdCveClient.java:363)
at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next
(NvdCveClient.java:331)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi
(NvdApiDataSource.java:352)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.update
(NvdApiDataSource.java:116)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:906)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase
(Engine.java:711)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:637)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck
(BaseDependencyCheckMojo.java:1967)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute
(BaseDependencyCheckMojo.java:1150)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo
(DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2
(MojoExecutor.java:328)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute
(MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000
(MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run
(MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute
(DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.java:73)
at
org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
(SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute
(LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:77)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:569)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
(Launcher.java:255)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch
(Launcher.java:201)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
(Launcher.java:361)
at org.codehaus.plexus.classworlds.launcher.Launcher.main
(Launcher.java:314)
Caused by: com.fasterxml.jackson.databind.exc.ValueInstantiationException:
Cannot construct instance of
`io.github.jeremylong.openvulnerability.client.nvd.CvssV4Data$ModifiedCiaType`,
problem: SAFETY
at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION`
disabled); line: 1, column: 1894827] (through reference chain:
io.github.jeremylong.openvulnerability.client.nvd.CveApiJson20["vulnerabilities"]->java.util.ArrayList[528]->io.github.jeremylong.openvulnerability.client.nvd.DefCveItem["cve"]->io.github.jeremylong.openvulnerability.client.nvd.CveItem["metrics"]->io.github.jeremylong.openvulnerability.client.nvd.Metrics["cvssMetricV40"]->java.util.ArrayList[0]->io.github.jeremylong.openvulnerability.client.nvd.CvssV4["cvssData"]->io.github.jeremylong.openvulnerability.client.nvd.CvssV4Data["modifiedSubIntegrityImpact"])
at com.fasterxml.jackson.databind.exc.ValueInstantiationException.from
(ValueInstantiationException.java:47)
at
com.fasterxml.jackson.databind.DeserializationContext.instantiationException
(DeserializationContext.java:2014)
at
com.fasterxml.jackson.databind.DeserializationContext.handleInstantiationProblem
(DeserializationContext.java:1426)
at
com.fasterxml.jackson.databind.deser.std.FactoryBasedEnumDeserializer.deserialize
(FactoryBasedEnumDeserializer.java:205)
at
com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet
(FieldProperty.java:138)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize
(BeanDeserializer.java:310)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize
(BeanDeserializer.java:177)
at
com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet
(FieldProperty.java:138)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize
(BeanDeserializer.java:310)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize
(BeanDeserializer.java:177)
at
com.fasterxml.jackson.databind.deser.std.CollectionDeserializer._deserializeFromArray
(CollectionDeserializer.java:361)
at
com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize
(CollectionDeserializer.java:246)
at
com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize
(CollectionDeserializer.java:30)
at
com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet
(FieldProperty.java:138)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize
(BeanDeserializer.java:310)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize
(BeanDeserializer.java:177)
at
com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet
(FieldProperty.java:138)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize
(BeanDeserializer.java:310)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize
(BeanDeserializer.java:177)
at
com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet
(FieldProperty.java:138)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize
(BeanDeserializer.java:310)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize
(BeanDeserializer.java:177)
at
com.fasterxml.jackson.databind.deser.std.CollectionDeserializer._deserializeFromArray
(CollectionDeserializer.java:361)
at
com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize
(CollectionDeserializer.java:246)
at
com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize
(CollectionDeserializer.java:30)
at
com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet
(FieldProperty.java:138)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize
(BeanDeserializer.java:310)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize
(BeanDeserializer.java:177)
at
com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue
(DefaultDeserializationContext.java:342)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose
(ObjectMapper.java:4905)
at com.fasterxml.jackson.databind.ObjectMapper.readValue
(ObjectMapper.java:3848)
at com.fasterxml.jackson.databind.ObjectMapper.readValue
(ObjectMapper.java:3816)
at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient._next
(NvdCveClient.java:358)
at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next
(NvdCveClient.java:331)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi
(NvdApiDataSource.java:352)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.update
(NvdApiDataSource.java:116)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:906)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase
(Engine.java:711)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:637)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck
(BaseDependencyCheckMojo.java:1967)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute
(BaseDependencyCheckMojo.java:1150)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo
(DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2
(MojoExecutor.java:328)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute
(MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000
(MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run
(MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute
(DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.java:73)
at
org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
(SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute
(LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:77)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:569)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
(Launcher.java:255)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch
(Launcher.java:201)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
(Launcher.java:361)
at org.codehaus.plexus.classworlds.launcher.Launcher.main
(Launcher.java:314)
Caused by: java.lang.IllegalArgumentException: SAFETY
at
io.github.jeremylong.openvulnerability.client.nvd.CvssV4Data$ModifiedCiaType.fromValue
(CvssV4Data.java:1224)
at jdk.internal.reflect.GeneratedMethodAccessor175.invoke (Unknown Source)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:569)
at com.fasterxml.jackson.databind.introspect.AnnotatedMethod.callOnWith
(AnnotatedMethod.java:118)
at
com.fasterxml.jackson.databind.deser.std.FactoryBasedEnumDeserializer.deserialize
(FactoryBasedEnumDeserializer.java:194)
at
com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet
(FieldProperty.java:138)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize
(BeanDeserializer.java:310)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize
(BeanDeserializer.java:177)
at
com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet
(FieldProperty.java:138)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize
(BeanDeserializer.java:310)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize
(BeanDeserializer.java:177)
at
com.fasterxml.jackson.databind.deser.std.CollectionDeserializer._deserializeFromArray
(CollectionDeserializer.java:361)
at
com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize
(CollectionDeserializer.java:246)
at
com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize
(CollectionDeserializer.java:30)
at
com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet
(FieldProperty.java:138)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize
(BeanDeserializer.java:310)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize
(BeanDeserializer.java:177)
at
com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet
(FieldProperty.java:138)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize
(BeanDeserializer.java:310)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize
(BeanDeserializer.java:177)
at
com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet
(FieldProperty.java:138)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize
(BeanDeserializer.java:310)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize
(BeanDeserializer.java:177)
at
com.fasterxml.jackson.databind.deser.std.CollectionDeserializer._deserializeFromArray
(CollectionDeserializer.java:361)
at
com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize
(CollectionDeserializer.java:246)
at
com.fasterxml.jackson.databind.deser.std.CollectionDeserializer.deserialize
(CollectionDeserializer.java:30)
at
com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet
(FieldProperty.java:138)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize
(BeanDeserializer.java:310)
at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize
(BeanDeserializer.java:177)
at
com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue
(DefaultDeserializationContext.java:342)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose
(ObjectMapper.java:4905)
at com.fasterxml.jackson.databind.ObjectMapper.readValue
(ObjectMapper.java:3848)
at com.fasterxml.jackson.databind.ObjectMapper.readValue
(ObjectMapper.java:3816)
at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient._next
(NvdCveClient.java:358)
at io.github.jeremylong.openvulnerability.client.nvd.NvdCveClient.next
(NvdCveClient.java:331)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi
(NvdApiDataSource.java:352)
at org.owasp.dependencycheck.data.update.NvdApiDataSource.update
(NvdApiDataSource.java:116)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:906)
at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase
(Engine.java:711)
at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:637)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck
(BaseDependencyCheckMojo.java:1967)
at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute
(BaseDependencyCheckMojo.java:1150)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo
(DefaultBuildPluginManager.java:126)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2
(MojoExecutor.java:328)
at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute
(MojoExecutor.java:316)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:174)
at org.apache.maven.lifecycle.internal.MojoExecutor.access$000
(MojoExecutor.java:75)
at org.apache.maven.lifecycle.internal.MojoExecutor$1.run
(MojoExecutor.java:162)
at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute
(DefaultMojosExecutionStrategy.java:39)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:159)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.java:105)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.java:73)
at
org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
(SingleThreadedBuilder.java:53)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute
(LifecycleStarter.java:118)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:906)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:283)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:206)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:77)
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:569)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
(Launcher.java:255)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch
(Launcher.java:201)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
(Launcher.java:361)
at org.codehaus.plexus.classworlds.launcher.Launcher.main
(Launcher.java:314)
[INFO] Updating CISA Known Exploited Vulnerability list:
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
[INFO] Begin database defrag
[INFO] End database defrag (8901 ms)
[WARNING] Unable to update 1 or more Cached Web DataSource, using local data
instead. Results may not include recent vulnerabilities.
[ERROR] Unable to continue dependency-check analysis.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Struts 2 7.0.4-SNAPSHOT:
[INFO]
[INFO] Struts 2 ........................................... FAILURE [09:18 min]
[INFO] Struts BOM ......................................... SKIPPED
[INFO] Struts Parent POM .................................. SKIPPED
[INFO] Struts 2 Jakarta EE Compatible modules ............. SKIPPED
[INFO] Struts 2 Jakarta EE Compatible Velocity Tools View . SKIPPED
[INFO] Struts 2 Jakarta EE Compatible Velocity Tools Jsp .. SKIPPED
[INFO] Struts 2 Core ...................................... SKIPPED
[INFO] Struts 2 Plugins ................................... SKIPPED
[INFO] Struts 2 Async Plugin .............................. SKIPPED
[INFO] Struts 2 Bean Validation Plugin .................... SKIPPED
[INFO] Struts 2 CDI Plugin ................................ SKIPPED
[INFO] Struts 2 Spring Plugin ............................. SKIPPED
[INFO] Struts 2 JUnit Plugin .............................. SKIPPED
[INFO] Struts 2 Velocity Plugin ........................... SKIPPED
[INFO] Struts 2 Configuration Browser Plugin .............. SKIPPED
[INFO] Struts 2 Convention Plugin ......................... SKIPPED
[INFO] Struts 2 Jasper Reports Plugin ..................... SKIPPED
[INFO] Struts 2 Jasper Reports 7 Plugin [EXPERIMENTAL] .... SKIPPED
[INFO] Struts 2 Java Templates Plugin ..................... SKIPPED
[INFO] Struts 2 JFreeChart Plugin ......................... SKIPPED
[INFO] Struts 2 JSON Plugin ............................... SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts 2 Tiles Plugin .............................. SKIPPED
[INFO] Struts 2 XSLT Plugin ............................... SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 Assembly .................................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 09:20 min
[INFO] Finished at: 2025-05-01T06:48:34Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:10.0.4:check
(default) on project struts2-project: Fatal exception(s) analyzing Struts 2:
One or more exceptions occurred during analysis:
[ERROR] UpdateException: Error updating the NVD Data
[ERROR] caused by NvdApiException: Failed to parse NVD data
[ERROR] caused by ValueInstantiationException: Cannot construct
instance of
`io.github.jeremylong.openvulnerability.client.nvd.CvssV4Data$ModifiedCiaType`,
problem: SAFETY
[ERROR] at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION`
disabled); line: 1, column: 1894827] (through reference chain:
io.github.jeremylong.openvulnerability.client.nvd.CveApiJson20["vulnerabilities"]->java.util.ArrayList[528]->io.github.jeremylong.openvulnerability.client.nvd.DefCveItem["cve"]->io.github.jeremylong.openvulnerability.client.nvd.CveItem["metrics"]->io.github.jeremylong.openvulnerability.client.nvd.Metrics["cvssMetricV40"]->java.util.ArrayList[0]->io.github.jeremylong.openvulnerability.client.nvd.CvssV4["cvssData"]->io.github.jeremylong.openvulnerability.client.nvd.CvssV4Data["modifiedSubIntegrityImpact"])
[ERROR] caused by IllegalArgumentException: SAFETY
[ERROR] NoDataException: No documents exist
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please
read the following articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
Build step 'Execute shell' marked build as failure
ERROR: No tool found matching MAVEN_3_LATEST__HOME
Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
