struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Jenkins Server <jenk...@builds.apache.org>
Subject Build failed in Jenkins: Struts-master-JDK7-dependency-check #119
Date Sun, 18 Nov 2018 22:35:44 GMT
See <https://builds.apache.org/job/Struts-master-JDK7-dependency-check/119/display/redirect?page=changes>

Changes:

[ordtesters] [WW-4977] Fixing flaky test in Jsr168DispatcherTest and

[Sebastian.Peters] Refactor environment dependant tests

[Sebastian.Peters] Replace deprecated classes StrLookup and StrSubstitutor

[Sebastian.Peters] WW-4982 Remove the deprecated JsonLibHandler and json-lib dependency

[Sebastian.Peters] Update maven-dependency-plugin to 3.1.1

[Sebastian.Peters] Update maven-war-plugin to 3.2.2

[Sebastian.Peters] Update updateimpact-maven-plugin to 1.0.12

[Sebastian.Peters] Migrate from outdated rat-maven-plugin to apache-rat-plugin

[Sebastian.Peters] Update maven-surefire-plugin to 2.22.1

[Sebastian.Peters] Update maven-project-info-reports-plugin to 3.0.0

------------------------------------------
[...truncated 1.42 MB...]
[INFO]  T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.apache.struts2.tiles.StrutsTilesAnnotationProcessorTest
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.042 s - in org.apache.struts2.tiles.StrutsTilesAnnotationProcessorTest
[INFO] 
[INFO] Results:
[INFO] 
[INFO] Tests run: 6, Failures: 0, Errors: 0, Skipped: 0
[INFO] 
[INFO] 
[INFO] --- apache-rat-plugin:0.12:check (default) @ struts2-tiles-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 61 implicit excludes (use -debug for more details).
[INFO] Exclude: src/main/resources/org/apache/struts2/static/domTT.js
[INFO] Exclude: src/site/resources/tags/**/*.html
[INFO] Exclude: src/main/resources/*LICENSE.txt
[INFO] Exclude: src/test/resources/**/*.txt
[INFO] Exclude: src/main/webapp/**/*.css
[INFO] Exclude: src/main/webapp/**/*.map
[INFO] Exclude: src/main/webapp/**/*.js
[INFO] Exclude: src/main/webapp/**/*.svg
[INFO] Exclude: src/main/webapp/**/*.txt
[INFO] Exclude: src/main/resources/**/sitegraph-usage.txt
[INFO] Exclude: src/main/resources/**/docs-urls.txt
[INFO] Exclude: src/etc/header.txt
[INFO] Exclude: src/main/resources/static/css/**/*.css
[INFO] Exclude: src/main/resources/static/js/**/*.js
[INFO] Exclude: src/main/resources/docs.cfg
[INFO] Exclude: src/main/webapp/fonts/**/*
[INFO] 26 resources included (use -debug for more details)
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved:
25 licenses.
[INFO] 
[INFO] --- maven-jar-plugin:3.1.0:jar (default-jar) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-2.6-SNAPSHOT.jar>
[INFO] 
[INFO] >>> maven-source-plugin:3.0.1:jar (attach-sources) > generate-sources @
struts2-tiles-plugin >>>
[INFO] 
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ struts2-tiles-plugin
---
[INFO] 
[INFO] <<< maven-source-plugin:3.0.1:jar (attach-sources) < generate-sources @
struts2-tiles-plugin <<<
[INFO] 
[INFO] 
[INFO] --- maven-source-plugin:3.0.1:jar (attach-sources) @ struts2-tiles-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/plugins/tiles/target/struts2-tiles-plugin-2.6-SNAPSHOT-sources.jar>
[INFO] 
[INFO] --- maven-site-plugin:3.7.1:attach-descriptor (attach-descriptor) @ struts2-tiles-plugin
---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO] 
[INFO] --- dependency-check-maven:3.3.4:check (default) @ struts2-tiles-plugin ---
[INFO] Central analyzer disabled
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (9 ms)
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (0 seconds)
[INFO] Skipping CPE Analysis for npm
[INFO] Finished CPE Analyzer (0 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO] 
[INFO] ----------------< org.apache.struts:struts2-dwr-plugin >----------------
[INFO] Building Struts 2 DWR Plugin 2.6-SNAPSHOT                         [8/36]
[INFO] --------------------------------[ jar ]---------------------------------
Downloading from central: https://repo.maven.apache.org/maven2/uk/ltd/getahead/dwr/1.1.1/dwr-1.1.1.pom
Progress (1): 2.2/6.0 kBProgress (1): 5.0/6.0 kBProgress (1): 6.0 kB                     
  Downloaded from central: https://repo.maven.apache.org/maven2/uk/ltd/getahead/dwr/1.1.1/dwr-1.1.1.pom
(6.0 kB at 373 kB/s)
Downloading from central: https://repo.maven.apache.org/maven2/uk/ltd/getahead/dwr/1.1.1/dwr-1.1.1.jar
Progress (1): 2.2/185 kBProgress (1): 5.0/185 kBProgress (1): 7.7/185 kBProgress (1): 10/185
kB Progress (1): 13/185 kBProgress (1): 16/185 kBProgress (1): 19/185 kBProgress (1): 21/185
kBProgress (1): 24/185 kBProgress (1): 27/185 kBProgress (1): 30/185 kBProgress (1): 32/185
kBProgress (1): 36/185 kBProgress (1): 40/185 kBProgress (1): 45/185 kBProgress (1): 49/185
kBProgress (1): 53/185 kBProgress (1): 57/185 kBProgress (1): 61/185 kBProgress (1): 65/185
kBProgress (1): 69/185 kBProgress (1): 73/185 kBProgress (1): 77/185 kBProgress (1): 81/185
kBProgress (1): 85/185 kBProgress (1): 90/185 kBProgress (1): 94/185 kBProgress (1): 98/185
kBProgress (1): 102/185 kBProgress (1): 106/185 kBProgress (1): 110/185 kBProgress (1): 114/185
kBProgress (1): 118/185 kBProgress (1): 122/185 kBProgress (1): 126/185 kBProgress (1): 131/185
kBProgress (1): 135/185 kBProgress (1): 139/185 kBProgress (1): 143/185 kBProgress (1): 147/185
kBProgress (1): 151/185 kBProgress (1): 155/185 kBProgress (1): 159/185 kBProgress (1): 163/185
kBProgress (1): 167/185 kBProgress (1): 171/185 kBProgress (1): 176/185 kBProgress (1): 180/185
kBProgress (1): 184/185 kBProgress (1): 185 kB                        Downloaded from central:
https://repo.maven.apache.org/maven2/uk/ltd/getahead/dwr/1.1.1/dwr-1.1.1.jar (185 kB at 6.6
MB/s)
[INFO] 
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ struts2-dwr-plugin
---
[INFO] 
[INFO] --- maven-remote-resources-plugin:1.5:process (process-resource-bundles) @ struts2-dwr-plugin
---
[INFO] 
[INFO] --- maven-resources-plugin:3.1.0:resources (default-resources) @ struts2-dwr-plugin
---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/plugins/dwr/src/main/resources>
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.7.0:compile (default-compile) @ struts2-dwr-plugin ---
[INFO] Changes detected - recompiling the module!
[INFO] Compiling 1 source file to <https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/plugins/dwr/target/classes>
[INFO] <https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/plugins/dwr/src/main/java/org/apache/struts2/validators/DWRValidator.java>:
<https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/plugins/dwr/src/main/java/org/apache/struts2/validators/DWRValidator.java>
uses unchecked or unsafe operations.
[INFO] <https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/plugins/dwr/src/main/java/org/apache/struts2/validators/DWRValidator.java>:
Recompile with -Xlint:unchecked for details.
[INFO] 
[INFO] --- maven-bundle-plugin:2.1.0:manifest (bundle-manifest) @ struts2-dwr-plugin ---
[WARNING] Warning in manifest for org.apache.struts:struts2-dwr-plugin:jar:2.6-SNAPSHOT :
Superfluous export-package instructions: [org.apache, org.apache.struts2, org]
[INFO] 
[INFO] --- maven-resources-plugin:3.1.0:testResources (default-testResources) @ struts2-dwr-plugin
---
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory <https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/plugins/dwr/src/test/resources>
[INFO] Copying 3 resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.7.0:testCompile (default-testCompile) @ struts2-dwr-plugin
---
[INFO] No sources to compile
[INFO] 
[INFO] --- maven-surefire-plugin:2.22.1:test (default-test) @ struts2-dwr-plugin ---
[INFO] 
[INFO] --- apache-rat-plugin:0.12:check (default) @ struts2-dwr-plugin ---
[INFO] Added 1 additional default licenses.
[INFO] Added 1 custom approved licenses.
[INFO] Will parse SCM ignores for exclusions...
[INFO] Finished adding exclusions from SCM ignore files.
[INFO] 61 implicit excludes (use -debug for more details).
[INFO] Exclude: src/main/resources/org/apache/struts2/static/domTT.js
[INFO] Exclude: src/site/resources/tags/**/*.html
[INFO] Exclude: src/main/resources/*LICENSE.txt
[INFO] Exclude: src/test/resources/**/*.txt
[INFO] Exclude: src/main/webapp/**/*.css
[INFO] Exclude: src/main/webapp/**/*.map
[INFO] Exclude: src/main/webapp/**/*.js
[INFO] Exclude: src/main/webapp/**/*.svg
[INFO] Exclude: src/main/webapp/**/*.txt
[INFO] Exclude: src/main/resources/**/sitegraph-usage.txt
[INFO] Exclude: src/main/resources/**/docs-urls.txt
[INFO] Exclude: src/etc/header.txt
[INFO] Exclude: src/main/resources/static/css/**/*.css
[INFO] Exclude: src/main/resources/static/js/**/*.js
[INFO] Exclude: src/main/resources/docs.cfg
[INFO] Exclude: src/main/webapp/fonts/**/*
[INFO] 3 resources included (use -debug for more details)
[INFO] Rat check: Summary over all files. Unapproved: 0, unknown: 0, generated: 0, approved:
3 licenses.
[INFO] 
[INFO] --- maven-jar-plugin:3.1.0:jar (default-jar) @ struts2-dwr-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/plugins/dwr/target/struts2-dwr-plugin-2.6-SNAPSHOT.jar>
[INFO] 
[INFO] >>> maven-source-plugin:3.0.1:jar (attach-sources) > generate-sources @
struts2-dwr-plugin >>>
[INFO] 
[INFO] --- maven-enforcer-plugin:1.4.1:enforce (enforce-maven-version) @ struts2-dwr-plugin
---
[INFO] 
[INFO] <<< maven-source-plugin:3.0.1:jar (attach-sources) < generate-sources @
struts2-dwr-plugin <<<
[INFO] 
[INFO] 
[INFO] --- maven-source-plugin:3.0.1:jar (attach-sources) @ struts2-dwr-plugin ---
[INFO] Building jar: <https://builds.apache.org/job/Struts-master-JDK7-dependency-check/ws/plugins/dwr/target/struts2-dwr-plugin-2.6-SNAPSHOT-sources.jar>
[INFO] 
[INFO] --- maven-site-plugin:3.7.1:attach-descriptor (attach-descriptor) @ struts2-dwr-plugin
---
[INFO] Skipping because packaging 'jar' is not pom.
[INFO] 
[INFO] --- dependency-check-maven:3.3.4:check (default) @ struts2-dwr-plugin ---
[INFO] Central analyzer disabled
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (7 ms)
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (0 seconds)
[INFO] Skipping CPE Analysis for npm
[INFO] Finished CPE Analyzer (0 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[WARNING] 

One or more dependencies were identified with known vulnerabilities in Struts 2 DWR Plugin:

dwr-1.1.1.jar (uk.ltd.getahead:dwr:1.1.1, cpe:/a:getahead:direct_web_remoting:1.1.1) : CVE-2007-0185,
CVE-2006-6916, CVE-2007-0184


See the dependency-check report for more details.


[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Struts 2 Bill of Materials ......................... SUCCESS [  1.924 s]
[INFO] Struts 2 2.6-SNAPSHOT .............................. SUCCESS [05:13 min]
[INFO] Struts 2 Core ...................................... SUCCESS [01:54 min]
[INFO] Struts Plugins ..................................... SUCCESS [  2.891 s]
[INFO] Struts 2 Configuration Browser Plugin .............. SUCCESS [  2.916 s]
[INFO] Struts 2 Sitemesh Plugin ........................... SUCCESS [  3.351 s]
[INFO] Struts 2 Tiles Plugin .............................. SUCCESS [  4.528 s]
[INFO] Struts 2 DWR Plugin ................................ FAILURE [  2.543 s]
[INFO] Struts 2 Spring Plugin ............................. SKIPPED
[INFO] Struts 2 Convention Plugin ......................... SKIPPED
[INFO] Struts 2 JUnit Plugin .............................. SKIPPED
[INFO] Struts 2 JSON Plugin ............................... SKIPPED
[INFO] Struts 2 Bean Validation Plugin .................... SKIPPED
[INFO] Struts 2 Async Plugin .............................. SKIPPED
[INFO] Struts 2 Webapps ................................... SKIPPED
[INFO] Struts 2 Showcase Webapp ........................... SKIPPED
[INFO] Struts 2 REST Plugin ............................... SKIPPED
[INFO] Struts 2 Rest Showcase Webapp ...................... SKIPPED
[INFO] Struts 2 CDI Plugin ................................ SKIPPED
[INFO] Struts 2 Embedded JSP Plugin ....................... SKIPPED
[INFO] Struts 2 GXP Plugin ................................ SKIPPED
[INFO] Struts 2 Jasper Reports Plugin ..................... SKIPPED
[INFO] Struts 2 Java Templates Plugin ..................... SKIPPED
[INFO] Struts 2 JFreeChart Plugin ......................... SKIPPED
[INFO] Struts 2 OSGi Plugin ............................... SKIPPED
[INFO] Struts 2 OVal Plugin ............................... SKIPPED
[INFO] Struts 2 Pell Multipart Plugin ..................... SKIPPED
[INFO] Struts 2 Plexus Plugin ............................. SKIPPED
[INFO] Struts 2 Portlet Plugin ............................ SKIPPED
[INFO] Struts 2 Portlet Tiles Plugin ...................... SKIPPED
[INFO] DEPRECATED: Struts 2 Sitegraph Plugin .............. SKIPPED
[INFO] Struts 2 TestNG Plugin ............................. SKIPPED
[INFO] Struts OSGi Bundles ................................ SKIPPED
[INFO] Struts 2 OSGi Admin Bundle ......................... SKIPPED
[INFO] Struts 2 OSGi Demo Bundle .......................... SKIPPED
[INFO] Struts 2 Assembly 2.6-SNAPSHOT ..................... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 07:28 min
[INFO] Finished at: 2018-11-18T22:35:43Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:3.3.4:check (default) on project
struts2-dwr-plugin: 
[ERROR] 
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score
greater than or equal to '7.0': 
[ERROR] 
[ERROR] dwr-1.1.1.jar: CVE-2006-6916, CVE-2007-0184
[ERROR] 
[ERROR] See the dependency-check report for more details.
[ERROR] 
[ERROR] 
[ERROR] -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 
[ERROR] For more information about the errors and possible solutions, please read the following
articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR] 
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn <goals> -rf :struts2-dwr-plugin
Build step 'Execute shell' marked build as failure
[locks-and-latches] Releasing all the locks
[locks-and-latches] All the locks released
Setting MAVEN_3_LATEST__HOME=/home/jenkins/tools/maven/latest3/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org


Mime
View raw message