[ https://issues.apache.org/jira/browse/CALCITE-3314?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
ASF GitHub Bot updated CALCITE-3314: ------------------------------------ Labels: pull-request-available (was: ) > CVSS dependency-check-maven fails for calcite-pig, calcite-piglet, > calcite-spark > -------------------------------------------------------------------------------- > > Key: CALCITE-3314 > URL: https://issues.apache.org/jira/browse/CALCITE-3314 > Project: Calcite > Issue Type: Bug > Reporter: Stamatis Zampetakis > Assignee: Stamatis Zampetakis > Priority: Blocker > Labels: pull-request-available > Fix For: 1.21.0 > > > Calcite build fails if the CVSS dependency check is active since there are > serious vulnerabilties in calcite-pig, calcite-piglet, calcite-spark. > Running mvn install -Ppedantic -fn gives the following errors: > {noformat} > ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.2.1:check > (default) on project calcite-pig: > [ERROR] > [ERROR] One or more dependencies were identified with vulnerabilities that > have a CVSS score greater than or equal to '8.0': > [ERROR] > [ERROR] jetty-6.1.26.jar: CVE-2017-7658, CVE-2017-7657 > [ERROR] groovy-all-1.8.6.jar: CVE-2015-3253, CVE-2016-6814 > [ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.2.1:check > (default) on project calcite-piglet: > [ERROR] > [ERROR] One or more dependencies were identified with vulnerabilities that > have a CVSS score greater than or equal to '8.0': > [ERROR] > [ERROR] jetty-6.1.26.jar: CVE-2017-7658, CVE-2017-7657 > [ERROR] jackson-core-asl-1.8.8.jar: CVE-2017-17485, CVE-2017-7525, > CVE-2017-15095 > [ERROR] groovy-all-1.8.6.jar: CVE-2015-3253, CVE-2016-6814 > [ERROR] jackson-xc-1.8.3.jar: CVE-2017-17485, CVE-2017-7525, CVE-2017-15095 > [ERROR] hadoop-auth-2.7.5.jar: CVE-2018-8029, CVE-2018-11766, CVE-2018-8009 > [ERROR] api-util-1.0.0-M20.jar: CVE-2018-1337 > [ERROR] zookeeper-3.4.6.jar: CVE-2016-5017 > [ERROR] > htrace-core-3.1.0-incubating.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml: > CVE-2017-17485, CVE-2018-5968, CVE-2017-15095, CVE-2019-14379, > CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2017-7525, > CVE-2018-11307, CVE-2018-14718, CVE-2018-7489, CVE-2018-14719, > CVE-2018-14721, CVE-2018-14720 > [ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.2.1:check > (default) on project calcite-spark: > [ERROR] > [ERROR] One or more dependencies were identified with vulnerabilities that > have a CVSS score greater than or equal to '8.0': > [ERROR] > [ERROR] spark-core_2.10-2.2.0.jar: CVE-2018-17190 > [ERROR] api-util-1.0.0-M20.jar: CVE-2018-1337 > [ERROR] hadoop-mapreduce-client-core-2.7.5.jar: CVE-2018-8029, > CVE-2018-11766, CVE-2018-8009 > [ERROR] bcprov-jdk15on-1.51.jar: CVE-2018-1000613 > [ERROR] zookeeper-3.4.6.jar: CVE-2016-5017 > [ERROR] unused-1.0.0.jar: CVE-2018-17190 > [ERROR] > htrace-core-3.1.0-incubating.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml: > CVE-2017-17485, CVE-2018-5968, CVE-2017-15095, CVE-2019-14379, > CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2017-7525, > CVE-2018-11307, CVE-2018-14718, CVE-2018-7489, CVE-2018-14719, > CVE-2018-14721, CVE-2018-14720 > [ERROR] > spark-core_2.10-2.2.0.jar/META-INF/maven/org.eclipse.jetty/jetty-plus/pom.xml: > CVE-2017-7658, CVE-2017-7657 > {noformat} > -- This message was sent by Atlassian Jira (v8.3.2#803003)