Return-Path: <common-issues-return-120209-archive-asf-public=cust-asf.ponee.io@hadoop.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 09658200BA6
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Tue, 18 Oct 2016 20:48:00 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 0816A160AFB; Tue, 18 Oct 2016 18:48:00 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 7F457160AE5
	for <archive-asf-public@cust-asf.ponee.io>; Tue, 18 Oct 2016 20:47:59 +0200 (CEST)
Received: (qmail 31863 invoked by uid 500); 18 Oct 2016 18:47:58 -0000
Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:common-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:common-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:common-issues@hadoop.apache.org>
List-Id: <common-issues.hadoop.apache.org>
Delivered-To: mailing list common-issues@hadoop.apache.org
Received: (qmail 31802 invoked by uid 99); 18 Oct 2016 18:47:58 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 18 Oct 2016 18:47:58 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id 71C0C2C4C7A
	for <common-issues@hadoop.apache.org>; Tue, 18 Oct 2016 18:47:58 +0000 (UTC)
Date: Tue, 18 Oct 2016 18:47:58 +0000 (UTC)
From: "Mike Yoder (JIRA)" <jira@apache.org>
To: common-issues@hadoop.apache.org
Message-ID: <JIRA.13013284.1476816439000.19830.1476816478462@Atlassian.JIRA>
In-Reply-To: <JIRA.13013284.1476816439000@Atlassian.JIRA>
References: <JIRA.13013284.1476816439000@Atlassian.JIRA> <JIRA.13013284.1476816439684@arcas>
Subject: [jira] [Created] (HADOOP-13732) Upgrade OWASP dependency-check
 plugin version
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
archived-at: Tue, 18 Oct 2016 18:48:00 -0000

Mike Yoder created HADOOP-13732:
-----------------------------------

             Summary: Upgrade OWASP dependency-check plugin version
                 Key: HADOOP-13732
                 URL: https://issues.apache.org/jira/browse/HADOOP-13732
             Project: Hadoop Common
          Issue Type: Improvement
          Components: security
            Reporter: Mike Yoder
            Assignee: Mike Yoder
            Priority: Minor


For reasons I don't fully understand, the current version (1.3.6) of the OWASP dependency-check plugin produces an essentially empty report on trunk (3.0.0).  After some research, it appears that this plugin has undergone significant work in the latest version, 1.4.3. Upgrading to this version produces the expected full report.

The only gotcha is that a new-ish version of maven is required. I'm using 3.2.2; I know that 3.0.x fails with a strange error.

This plugin was introduced in HADOOP-13198.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org