See <https://builds.apache.org/job/Struts-master-JDK7-dependency-check/43/display/redirect?page=changes>
Changes: [lukaszlenart] Upgrades OWASP Dependency Check plugin to the latest version and reduces ------------------------------------------ [...truncated 1.15 MB...] 2018-02-22 22:32:51,091 INFO [main] profiling.UtilTimerStack (UtilTimerStack.java:385) - [0ms] - execute: [0ms] - invoke: [0ms] - interceptorMapping: test [0ms] - invoke: [0ms] - invokeAction: TestInterceptorParam [0ms] - executeResult: error 2018-02-22 22:32:51,116 INFO [main] profiling.UtilTimerStack (UtilTimerStack.java:385) - [1ms] - create DefaultActionProxy: [1ms] - actionCreate: Foo 2018-02-22 22:32:51,116 INFO [main] interceptor.LoggingInterceptor (LoggingInterceptor.java:86) - Starting execution stack for action /does/not/exist/Foo 2018-02-22 22:32:51,120 INFO [main] interceptor.LoggingInterceptor (LoggingInterceptor.java:86) - Finishing execution stack for action /does/not/exist/Foo 2018-02-22 22:32:51,121 INFO [main] interceptor.TimerInterceptor (TimerInterceptor.java:205) - Executed action [/does/not/exist/Foo!execute] took 5 ms. 2018-02-22 22:32:51,121 INFO [main] profiling.UtilTimerStack (UtilTimerStack.java:385) - [5ms] - execute: [5ms] - invoke: [5ms] - interceptorMapping: timer [5ms] - invoke: [5ms] - interceptorMapping: logger [4ms] - invoke: [4ms] - interceptorMapping: staticParams [1ms] - invoke: [1ms] - interceptorMapping: modelDriven [1ms] - invoke: [1ms] - interceptorMapping: params [0ms] - invoke: [0ms] - invokeAction: Foo [0ms] - executeResult: success [0ms] - create DefaultActionProxy: [0ms] - actionCreate: Bar [0ms] - execute: [0ms] - invoke: [0ms] - invokeAction: Bar [0ms] - executeResult: error 2018-02-22 22:32:51,126 INFO [main] interceptor.TimerInterceptor (TimerInterceptor.java:205) - Executed action [myAction!execute] took 0 ms. 2018-02-22 22:32:51,131 INFO [main] interceptor.TimerInterceptor (TimerInterceptor.java:205) - Executed action [myApp/myAction!input] took 0 ms. 2018-02-22 22:32:51,135 WARN [main] interceptor.TimerInterceptor (TimerInterceptor.java:214) - Executed action [myApp/myAction!execute] took 0 ms. 2018-02-22 22:32:51,139 ERROR [main] interceptor.TimerInterceptor (TimerInterceptor.java:216) - Executed action [myApp/myAction!execute] took 0 ms. 2018-02-22 22:32:51,151 FATAL [main] interceptor.TimerInterceptor (TimerInterceptor.java:218) - Executed action [myApp/myAction!execute] took 0 ms. 2018-02-22 22:32:51,155 ERROR [main] interceptor.TimerInterceptor (TimerInterceptor.java:216) - Executed action [myApp/myAction!execute] took 0 ms. 2018-02-22 22:32:51,159 INFO [main] interceptor.TimerInterceptor (TimerInterceptor.java:212) - Executed action [myApp/myAction!execute] took 0 ms. 2018-02-22 22:32:51,163 INFO [main] interceptor.TimerInterceptor (TimerInterceptor.java:205) - Executed action [myApp/myAction!execute] took 0 ms. 2018-02-22 22:32:51,167 INFO [main] interceptor.TimerInterceptor (TimerInterceptor.java:205) - Executed action [myApp/myAction!execute] took 0 ms. 2018-02-22 22:32:51,175 INFO [main] interceptor.TimerInterceptor (TimerInterceptor.java:212) - Executed action [myApp/myAction!execute] took 0 ms. 2018-02-22 22:32:51,950 WARN [main] xwork2.DefaultLocaleProvider (DefaultLocaleProvider.java:53) - Cannot convert [_] to proper locale java.lang.IllegalArgumentException: Invalid locale format: _ at org.apache.commons.lang3.LocaleUtils.toLocale(LocaleUtils.java:102) ~[commons-lang3-3.6.jar:3.6] at com.opensymphony.xwork2.DefaultLocaleProvider.isValidLocaleString(DefaultLocaleProvider.java:51) [classes/:?] at org.apache.struts2.interceptor.I18nInterceptor.getLocaleFromParam(I18nInterceptor.java:166) [classes/:?] at org.apache.struts2.interceptor.I18nInterceptor$SessionLocaleHandler.find(I18nInterceptor.java:276) [classes/:?] at org.apache.struts2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:104) [classes/:?] at org.apache.struts2.interceptor.I18nInterceptorTest.testDefaultLocale(I18nInterceptorTest.java:88) [test-classes/:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.7.0_80] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[?:1.7.0_80] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.7.0_80] at java.lang.reflect.Method.invoke(Method.java:606) ~[?:1.7.0_80] at junit.framework.TestCase.runTest(TestCase.java:176) [junit-4.12.jar:4.12] at junit.framework.TestCase.runBare(TestCase.java:141) [junit-4.12.jar:4.12] at junit.framework.TestResult$1.protect(TestResult.java:122) [junit-4.12.jar:4.12] at junit.framework.TestResult.runProtected(TestResult.java:142) [junit-4.12.jar:4.12] at junit.framework.TestResult.run(TestResult.java:125) [junit-4.12.jar:4.12] at junit.framework.TestCase.run(TestCase.java:129) [junit-4.12.jar:4.12] at junit.framework.TestSuite.runTest(TestSuite.java:252) [junit-4.12.jar:4.12] at junit.framework.TestSuite.run(TestSuite.java:247) [junit-4.12.jar:4.12] at org.testng.junit.JUnitTestRunner.doRun(JUnitTestRunner.java:250) [testng-5.14.10.jar:?] at org.testng.junit.JUnitTestRunner.start(JUnitTestRunner.java:223) [testng-5.14.10.jar:?] at org.testng.junit.JUnitTestRunner.run(JUnitTestRunner.java:211) [testng-5.14.10.jar:?] at org.testng.TestRunner$1.run(TestRunner.java:659) [testng-5.14.10.jar:?] at org.testng.TestRunner.runWorkers(TestRunner.java:1147) [testng-5.14.10.jar:?] at org.testng.TestRunner.privateRunJUnit(TestRunner.java:690) [testng-5.14.10.jar:?] at org.testng.TestRunner.run(TestRunner.java:597) [testng-5.14.10.jar:?] at org.testng.SuiteRunner.runTest(SuiteRunner.java:317) [testng-5.14.10.jar:?] at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:312) [testng-5.14.10.jar:?] at org.testng.SuiteRunner.privateRun(SuiteRunner.java:274) [testng-5.14.10.jar:?] at org.testng.SuiteRunner.run(SuiteRunner.java:223) [testng-5.14.10.jar:?] at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52) [testng-5.14.10.jar:?] at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86) [testng-5.14.10.jar:?] at org.testng.TestNG.runSuitesSequentially(TestNG.java:1039) [testng-5.14.10.jar:?] at org.testng.TestNG.runSuitesLocally(TestNG.java:964) [testng-5.14.10.jar:?] at org.testng.TestNG.run(TestNG.java:900) [testng-5.14.10.jar:?] at org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:135) [surefire-testng-2.20.1.jar:2.20.1] at org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.executeMulti(TestNGDirectoryTestSuite.java:198) [surefire-testng-2.20.1.jar:2.20.1] at org.apache.maven.surefire.testng.TestNGDirectoryTestSuite.execute(TestNGDirectoryTestSuite.java:94) [surefire-testng-2.20.1.jar:2.20.1] at org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:146) [surefire-testng-2.20.1.jar:2.20.1] at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:373) [surefire-booter-2.20.1.jar:2.20.1] at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:334) [surefire-booter-2.20.1.jar:2.20.1] at org.apache.maven.surefire.booter.ForkedBooter.execute(ForkedBooter.java:119) [surefire-booter-2.20.1.jar:2.20.1] at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:407) [surefire-booter-2.20.1.jar:2.20.1] 2018-02-22 22:32:51,970 INFO [main] profiling.UtilTimerStack (UtilTimerStack.java:385) - [0ms] - create DefaultActionProxy: [0ms] - actionCreate: chainedAction 2018-02-22 22:32:51,977 INFO [main] struts2.TestResult (TestResult.java:74) - executing TestResult. 2018-02-22 22:32:51,980 INFO [main] profiling.UtilTimerStack (UtilTimerStack.java:385) - [10ms] - execute: [10ms] - invoke: [1ms] - invokeAction: chainedAction [9ms] - executeResult: error [0ms] - create DefaultActionProxy: [0ms] - actionCreate: chaintoAction [9ms] - execute: [9ms] - invoke: [9ms] - interceptorMapping: chainStack [4ms] - invoke: [0ms] - invokeAction: chaintoAction [3ms] - executeResult: success [INFO] Tests run: 1790, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 79.677 s - in TestSuite [INFO] [INFO] Results: [INFO] [INFO] Tests run: 1790, Failures: 0, Errors: 0, Skipped: 0 [INFO] [INFO] [INFO] --- apache-rat-plugin:0.11:check (default) @ struts2-core --- [INFO] 51 implicit excludes (use -debug for more details). [INFO] Exclude: src/main/resources/org/apache/struts2/static/domTT.js [INFO] Exclude: src/site/resources/tags/**/*.html [INFO] Exclude: src/main/resources/*LICENSE.txt [INFO] Exclude: src/test/resources/**/*.txt [INFO] Exclude: src/main/webapp/**/*.css [INFO] Exclude: src/main/webapp/**/*.map [INFO] Exclude: src/main/webapp/**/*.js [INFO] Exclude: src/main/webapp/**/*.svg [INFO] Exclude: src/main/webapp/**/*.txt [INFO] Exclude: src/main/resources/**/sitegraph-usage.txt [INFO] Exclude: src/main/resources/**/docs-urls.txt [INFO] Exclude: src/etc/header.txt [INFO] Exclude: src/main/resources/static/css/**/*.css [INFO] Exclude: src/main/resources/static/js/**/*.js [INFO] Exclude: src/main/resources/docs.cfg [INFO] Exclude: src/main/webapp/fonts/**/* [INFO] 1580 resources included (use -debug for more details) [INFO] Rat check: Summary of files. Unapproved: 0 unknown: 0 generated: 0 approved: 1573 licence. [INFO] [INFO] --- maven-jar-plugin:3.0.0:jar (default-jar) @ struts2-core --- [INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/core/target/struts2-core-2.6-SNAPSHOT.jar> [INFO] [INFO] >>> maven-source-plugin:3.0.0:jar (attach-sources) > generate-sources @ struts2-core >>> [INFO] [INFO] <<< maven-source-plugin:3.0.0:jar (attach-sources) < generate-sources @ struts2-core <<< [INFO] [INFO] [INFO] --- maven-source-plugin:3.0.0:jar (attach-sources) @ struts2-core --- [INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/core/target/struts2-core-2.6-SNAPSHOT-sources.jar> [INFO] [INFO] --- maven-site-plugin:3.5.1:attach-descriptor (attach-descriptor) @ struts2-core --- [INFO] [INFO] --- dependency-check-maven:3.1.1:check (default) @ struts2-core --- [INFO] Checking for updates [INFO] Skipping NVD check since last check was within 4 hours. [INFO] Check for updates complete (15 ms) [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Central Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Created CPE Index (1 seconds) [INFO] Skipping CPE Analysis for npm [INFO] Finished CPE Analyzer (1 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished Cpe Suppression Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Analysis Complete (4 seconds) [WARNING] One or more dependencies were identified with known vulnerabilities in Struts 2 Core: struts-core-1.3.8.jar (org.apache.struts:struts-core:1.3.8, cpe:/a:apache:struts:1.3.8) : CVE-2016-1181, CVE-2016-1182, CVE-2014-0114, CVE-2015-0899 struts-tiles-1.3.8.jar (cpe:/a:apache:tiles:1.3.8, org.apache.struts:struts-tiles:1.3.8, cpe:/a:apache:struts:1.3.8) : CVE-2016-1181, CVE-2016-1182, CVE-2014-0114, CVE-2015-0899 bsh-2.0b4.jar (org.beanshell:bsh:2.0b4, cpe:/a:beanshell_project:beanshell:2.0.b4) : CVE-2016-2510 See the dependency-check report for more details. [INFO] ------------------------------------------------------------------------ [INFO] Reactor Summary: [INFO] [INFO] Struts 2 Bill of Materials ......................... SUCCESS [ 1.449 s] [INFO] Struts 2 ........................................... SUCCESS [02:42 min] [INFO] Struts 2 Core ...................................... FAILURE [01:55 min] [INFO] Struts Plugins ..................................... SKIPPED [INFO] Struts 2 Configuration Browser Plugin .............. SKIPPED [INFO] Struts 2 Sitemesh Plugin ........................... SKIPPED [INFO] Struts 2 Tiles Plugin .............................. SKIPPED [INFO] Struts 2 DWR Plugin ................................ SKIPPED [INFO] Struts 2 Spring Plugin ............................. SKIPPED [INFO] Struts 2 Convention Plugin ......................... SKIPPED [INFO] Struts 2 JUnit Plugin .............................. SKIPPED [INFO] Struts 2 JSON Plugin ............................... SKIPPED [INFO] Struts 2 Bean Validation Plugin .................... SKIPPED [INFO] Struts 2 Webapps ................................... SKIPPED [INFO] Struts 2 Showcase Webapp ........................... SKIPPED [INFO] Struts 2 REST Plugin ............................... SKIPPED [INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED [INFO] Struts 2 CDI Plugin ................................ SKIPPED [INFO] Struts 2 Embedded JSP Plugin ....................... SKIPPED [INFO] Struts 2 GXP Plugin ................................ SKIPPED [INFO] Struts 2 Jasper Reports Plugin ..................... SKIPPED [INFO] Struts 2 Java Templates Plugin ..................... SKIPPED [INFO] Struts 2 JFreeChart Plugin ......................... SKIPPED [INFO] Struts 2 OSGi Plugin ............................... SKIPPED [INFO] Struts 2 OVal Plugin ............................... SKIPPED [INFO] Struts 2 Pell Multipart Plugin ..................... SKIPPED [INFO] Struts 2 Plexus Plugin ............................. SKIPPED [INFO] Struts 2 Portlet Plugin ............................ SKIPPED [INFO] Struts 2 Portlet Tiles Plugin ...................... SKIPPED [INFO] DEPRECATED: Struts 2 Sitegraph Plugin .............. SKIPPED [INFO] Struts 2 TestNG Plugin ............................. SKIPPED [INFO] Struts OSGi Bundles ................................ SKIPPED [INFO] Struts 2 OSGi Admin Bundle ......................... SKIPPED [INFO] Struts 2 OSGi Demo Bundle .......................... SKIPPED [INFO] Struts 2 Assembly .................................. SKIPPED [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 04:41 min [INFO] Finished at: 2018-02-22T22:33:02Z [INFO] Final Memory: 61M/1869M [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal org.owasp:dependency-check-maven:3.1.1:check (default) on project struts2-core: [ERROR] [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': [ERROR] [ERROR] struts-core-1.3.8.jar: CVE-2014-0114 [ERROR] struts-tiles-1.3.8.jar: CVE-2014-0114 [ERROR] [ERROR] See the dependency-check report for more details. [ERROR] [ERROR] [ERROR] -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException [ERROR] [ERROR] After correcting the problems, you can resume the build with the command [ERROR] mvn <goals> -rf :struts2-core Build step 'Execute shell' marked build as failure [locks-and-latches] Releasing all the locks [locks-and-latches] All the locks released Setting MAVEN_3_LATEST__HOME=/home/jenkins/tools/maven/latest3/ --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org