struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yasser Zamani <yasserzam...@apache.org>
Subject RE: Build failed in Jenkins: Struts-examples-JDK8-dependency-check #6
Date Sat, 07 Dec 2019 08:11:00 GMT
Hi Łukasz,

I'm not sure but another option is to keep Struts-examples free from dependency check - they're
just examples.

Regards.

>-----Original Message-----
>From: Lukasz Lenart <lukaszlenart@apache.org>
>Sent: Monday, December 2, 2019 12:13 PM
>To: Struts Developers List <dev@struts.apache.org>
>Subject: Re: Build failed in Jenkins: Struts-examples-JDK8-dependency-check #6
>
>Hi,
>
>I'm not sure how important "mailreader" example is by opt to throw it away, it
>depends on "struts-mailreader-dao" ver. 1.3.5 which is part of Struts 1 as far I
>understand. If no objections will be posted within 72h I will accept this by lazy
>consensus.
>
>
>Regards
>--
>Łukasz
>+ 48 606 323 122 http://www.lenart.org.pl/
>
>https://www.apache.org/foundation/glossary.html#LazyConsensus
>
>
>niedz., 1 gru 2019 o 17:52 Apache Jenkins Server
><jenkins@builds.apache.org> napisał(a):
>>
>> See <https://builds.apache.org/job/Struts-examples-JDK8-dependency-
>check/6/display/redirect?page=changes>
>>
>> Changes:
>>
>> [lukaszlenart] Upgrades to Struts 2.5.22
>>
>>
>> ------------------------------------------
>> [...truncated 105.71 KB...]
>> [INFO]
>>
>> Dependency-Check is an open source tool performing a best effort analysis of
>3rd party dependencies; false positives and false negatives may exist in the
>analysis performed by the tool. Use of the tool and the reporting provided
>constitutes acceptance for use in an AS IS condition, and there are NO
>warranties, implied or otherwise, with regard to the analysis or its use. Any use of
>the tool and the reporting provided is at the user?s risk. In no event shall the
>copyright holder or OWASP be held liable for any damages whatsoever arising out
>of or in connection with the use of this tool, the analysis performed, or the
>resulting report.
>>
>>
>> [INFO] Analysis Started
>> [INFO] Finished Archive Analyzer (0 seconds)
>> [INFO] Finished File Name Analyzer (0 seconds)
>> [INFO] Finished Jar Analyzer (0 seconds)
>> [INFO] Finished Dependency Merging Analyzer (0 seconds)
>> [INFO] Finished Version Filter Analyzer (0 seconds)
>> [INFO] Finished Hint Analyzer (0 seconds)
>> [INFO] Created CPE Index (1 seconds)
>> [INFO] Finished CPE Analyzer (1 seconds)
>> [INFO] Finished False Positive Analyzer (0 seconds)
>> [INFO] Finished NVD CVE Analyzer (0 seconds)
>> [INFO] Finished RetireJS Analyzer (0 seconds)
>> [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
>> [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
>> [INFO] Finished Dependency Bundling Analyzer (0 seconds)
>> [INFO] Analysis Complete (1 seconds)
>> [INFO]
>> [INFO] ----------------------< org.demo:json-customize >-----------------------
>> [INFO] Building Customized JSON produce 1.0-SNAPSHOT                    [22/42]
>> [INFO] --------------------------------[ war ]---------------------------------
>> Downloading from apache-public:
>https://repository.apache.org/content/groups/public/net/sf/flexjson/flexjson/3.
>3/flexjson-3.3.pom
>> Downloading from apache-staging:
>https://repository.apache.org/content/groups/staging/net/sf/flexjson/flexjson/3
>.3/flexjson-3.3.pom
>> Downloading from apache-snapshots:
>https://repository.apache.org/content/groups/snapshots/net/sf/flexjson/flexjso
>n/3.3/flexjson-3.3.pom
>> Downloading from oss-snapshots:
>https://oss.sonatype.org/content/repositories/snapshots/net/sf/flexjson/flexjso
>n/3.3/flexjson-3.3.pom
>> Downloading from central:
>https://repo.maven.apache.org/maven2/net/sf/flexjson/flexjson/3.3/flexjson-
>3.3.pom
>> Progress (1): 2.2/6.0 kBProgress (1): 5.0/6.0 kBProgress (1): 6.0 kB
>Downloaded from central:
>https://repo.maven.apache.org/maven2/net/sf/flexjson/flexjson/3.3/flexjson-
>3.3.pom (6.0 kB at 317 kB/s)
>> Downloading from apache-public:
>https://repository.apache.org/content/groups/public/net/sf/flexjson/flexjson/3.
>3/flexjson-3.3.jar
>> Downloading from apache-staging:
>https://repository.apache.org/content/groups/staging/net/sf/flexjson/flexjson/3
>.3/flexjson-3.3.jar
>> Downloading from apache-snapshots:
>https://repository.apache.org/content/groups/snapshots/net/sf/flexjson/flexjso
>n/3.3/flexjson-3.3.jar
>> Downloading from oss-snapshots:
>https://oss.sonatype.org/content/repositories/snapshots/net/sf/flexjson/flexjso
>n/3.3/flexjson-3.3.jar
>> Downloading from central:
>https://repo.maven.apache.org/maven2/net/sf/flexjson/flexjson/3.3/flexjson-
>3.3.jar
>> Progress (1): 2.2/92 kBProgress (1): 5.0/92 kBProgress (1): 7.7/92 kBProgress
>(1): 10/92 kB Progress (1): 13/92 kBProgress (1): 16/92 kBProgress (1): 19/92
>kBProgress (1): 21/92 kBProgress (1): 24/92 kBProgress (1): 27/92 kBProgress (1):
>30/92 kBProgress (1): 32/92 kBProgress (1): 36/92 kBProgress (1): 40/92
>kBProgress (1): 45/92 kBProgress (1): 49/92 kBProgress (1): 53/92 kBProgress (1):
>57/92 kBProgress (1): 61/92 kBProgress (1): 65/92 kBProgress (1): 69/92
>kBProgress (1): 73/92 kBProgress (1): 77/92 kBProgress (1): 81/92 kBProgress (1):
>85/92 kBProgress (1): 90/92 kBProgress (1): 92 kB                      Downloaded from
>central:
>https://repo.maven.apache.org/maven2/net/sf/flexjson/flexjson/3.3/flexjson-
>3.3.jar (92 kB at 3.4 MB/s)
>> [INFO]
>> [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ json-
>customize ---
>> [INFO] Using 'UTF-8' encoding to copy filtered resources.
>> [INFO] Copying 2 resources
>> [INFO]
>> [INFO] --- maven-compiler-plugin:3.3:compile (default-compile) @ json-
>customize ---
>> [INFO] Changes detected - recompiling the module!
>> [INFO] Compiling 9 source files to <https://builds.apache.org/job/Struts-
>examples-JDK8-dependency-check/ws/json-customize/target/classes>
>> [INFO]
>> [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @
>json-customize ---
>> [INFO] Using 'UTF-8' encoding to copy filtered resources.
>> [INFO] skip non existing resourceDirectory
><https://builds.apache.org/job/Struts-examples-JDK8-dependency-
>check/ws/json-customize/src/test/resources>
>> [INFO]
>> [INFO] --- maven-compiler-plugin:3.3:testCompile (default-testCompile) @
>json-customize ---
>> [INFO] No sources to compile
>> [INFO]
>> [INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ json-customize ---
>> [INFO] No tests to run.
>> [INFO]
>> [INFO] --- maven-war-plugin:2.2:war (default-war) @ json-customize ---
>> [INFO] Packaging webapp
>> [INFO] Assembling webapp [json-customize] in
>[<https://builds.apache.org/job/Struts-examples-JDK8-dependency-
>check/ws/json-customize/target/json-customize-1.0-SNAPSHOT]>
>> [INFO] Processing war project
>> [INFO] Copying webapp resources [<https://builds.apache.org/job/Struts-
>examples-JDK8-dependency-check/ws/json-customize/src/main/webapp]>
>> [INFO] Webapp assembled in [22 msecs]
>> [INFO] Building war: <https://builds.apache.org/job/Struts-examples-JDK8-
>dependency-check/ws/json-customize/target/json-customize-1.0-
>SNAPSHOT.war>
>> [INFO] WEB-INF/web.xml already added, skipping
>> [INFO]
>> [INFO] --- dependency-check-maven:5.2.2:check (default) @ json-customize ---
>> [INFO] Checking for updates
>> [INFO] Skipping NVD check since last check was within 4 hours.
>> [INFO] Skipping RetireJS update since last update was within 24 hours.
>> [INFO] Check for updates complete (1 ms)
>> [INFO]
>>
>> Dependency-Check is an open source tool performing a best effort analysis of
>3rd party dependencies; false positives and false negatives may exist in the
>analysis performed by the tool. Use of the tool and the reporting provided
>constitutes acceptance for use in an AS IS condition, and there are NO
>warranties, implied or otherwise, with regard to the analysis or its use. Any use of
>the tool and the reporting provided is at the user?s risk. In no event shall the
>copyright holder or OWASP be held liable for any damages whatsoever arising out
>of or in connection with the use of this tool, the analysis performed, or the
>resulting report.
>>
>>
>> [INFO] Analysis Started
>> [INFO] Finished Archive Analyzer (0 seconds)
>> [INFO] Finished File Name Analyzer (0 seconds)
>> [INFO] Finished Jar Analyzer (0 seconds)
>> [INFO] Finished Dependency Merging Analyzer (0 seconds)
>> [INFO] Finished Version Filter Analyzer (0 seconds)
>> [INFO] Finished Hint Analyzer (0 seconds)
>> [INFO] Created CPE Index (1 seconds)
>> [INFO] Finished CPE Analyzer (1 seconds)
>> [INFO] Finished False Positive Analyzer (0 seconds)
>> [INFO] Finished NVD CVE Analyzer (0 seconds)
>> [INFO] Finished RetireJS Analyzer (0 seconds)
>> [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
>> [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
>> [INFO] Finished Dependency Bundling Analyzer (0 seconds)
>> [INFO] Analysis Complete (1 seconds)
>> [INFO]
>> [INFO] --------------------< org.apache.struts:mailreader >--------------------
>> [INFO] Building Struts 2 Mail Reader Webapp 1.0.0                       [23/42]
>> [INFO] --------------------------------[ war ]---------------------------------
>> Downloading from apache-public:
>https://repository.apache.org/content/groups/public/org/apache/struts/struts-
>mailreader-dao/1.3.5/struts-mailreader-dao-1.3.5.pom
>> Progress (1): 1.9 kB                    Downloaded from apache-public:
>https://repository.apache.org/content/groups/public/org/apache/struts/struts-
>mailreader-dao/1.3.5/struts-mailreader-dao-1.3.5.pom (1.9 kB at 2.5 kB/s)
>> Downloading from apache-public:
>https://repository.apache.org/content/groups/public/org/apache/struts/struts-
>parent/1.3.5/struts-parent-1.3.5.pom
>> Progress (1): 4.1/6.8 kBProgress (1): 6.8 kB                        Downloaded from
>apache-public:
>https://repository.apache.org/content/groups/public/org/apache/struts/struts-
>parent/1.3.5/struts-parent-1.3.5.pom (6.8 kB at 8.8 kB/s)
>> Downloading from apache-public:
>https://repository.apache.org/content/groups/public/org/apache/struts/struts-
>master/3/struts-master-3.pom
>> Progress (1): 4.1/11 kBProgress (1): 7.7/11 kBProgress (1): 8.2/11 kBProgress
>(1): 11 kB                       Downloaded from apache-public:
>https://repository.apache.org/content/groups/public/org/apache/struts/struts-
>master/3/struts-master-3.pom (11 kB at 15 kB/s)
>> Downloading from apache-public:
>https://repository.apache.org/content/groups/public/org/apache/struts/struts-
>mailreader-dao/1.3.5/struts-mailreader-dao-1.3.5.jar
>> Downloading from apache-public:
>https://repository.apache.org/content/groups/public/commons-
>beanutils/commons-beanutils/1.6/commons-beanutils-1.6.jar
>> Progress (1): 4.1/21 kBProgress (1): 7.7/21 kBProgress (1): 8.2/21 kBProgress
>(2): 8.2/21 kB | 4.1/118 kBProgress (2): 8.2/21 kB | 7.7/118 kBProgress (2): 8.2/21
>kB | 8.2/118 kBProgress (2): 12/21 kB | 8.2/118 kB Progress (2): 16/21 kB |
>8.2/118 kBProgress (2): 16/21 kB | 8.2/118 kBProgress (2): 20/21 kB | 8.2/118
>kBProgress (2): 21 kB | 8.2/118 kB   Progress (2): 21 kB | 12/118 kB Progress (2):
>21 kB | 16/118 kBProgress (2): 21 kB | 16/118 kBProgress (2): 21 kB | 20/118
>kBProgress (2): 21 kB | 24/118 kBProgress (2): 21 kB | 25/118 kBProgress (2): 21
>kB | 29/118 kBProgress (2): 21 kB | 32/118 kBProgress (2): 21 kB | 33/118
>kBProgress (2): 21 kB | 37/118 kBProgress (2): 21 kB | 41/118 kBProgress (2): 21
>kB | 41/118 kBProgress (2): 21 kB | 45/118 kBProgress (2): 21 kB | 49/118
>kBProgress (2): 21 kB | 49/118 kBProgress (2): 21 kB | 53/118 kBProgress (2): 21
>kB | 57/118 kBProgress (2): 21 kB | 57/118 kBProgress (2): 21 kB | 61/118
>kBProgress (2): 21 kB | 65/118 kBProgress (2): 21 kB | 66/118 kBProgress (2): 21
>kB | 70/118 kBProgress (2): 21 kB | 74/118 kBProgress (2): 21 kB | 74/118
>kBProgress (2): 21 kB | 78/118 kBProgress (2): 21 kB | 82/118 kBProgress (2): 21
>kB | 82/118 kBProgress (2): 21 kB | 86/118 kBProgress (2): 21 kB | 90/118
>kBProgress (2): 21 kB | 90/118 kBProgress (2): 21 kB | 94/118 kBProgress (2): 21
>kB | 98/118 kBProgress (2): 21 kB | 98/118 kBProgress (2): 21 kB | 102/118
>kBProgress (2): 21 kB | 106/118 kBProgress (2): 21 kB | 106/118 kBProgress (2):
>21 kB | 111/118 kBProgress (2): 21 kB | 114/118 kBProgress (2): 21 kB | 115/118
>kBProgress (2): 21 kB | 118 kB                                Downloaded from apache-public:
>https://repository.apache.org/content/groups/public/org/apache/struts/struts-
>mailreader-dao/1.3.5/struts-mailreader-dao-1.3.5.jar (21 kB at 25 kB/s)
>> Downloaded from apache-public:
>https://repository.apache.org/content/groups/public/commons-
>beanutils/commons-beanutils/1.6/commons-beanutils-1.6.jar (118 kB at 114
>kB/s)
>> [INFO]
>> [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @
>mailreader ---
>> [INFO] Using 'UTF-8' encoding to copy filtered resources.
>> [INFO] Copying 8 resources
>> [INFO]
>> [INFO] --- maven-compiler-plugin:3.3:compile (default-compile) @ mailreader -
>--
>> [INFO] Changes detected - recompiling the module!
>> [INFO] Compiling 9 source files to <https://builds.apache.org/job/Struts-
>examples-JDK8-dependency-check/ws/mailreader/target/classes>
>> [INFO] <https://builds.apache.org/job/Struts-examples-JDK8-dependency-
>check/ws/mailreader/src/main/java/mailreader2/MailreaderSupport.java>: Some
>input files use unchecked or unsafe operations.
>> [INFO] <https://builds.apache.org/job/Struts-examples-JDK8-dependency-
>check/ws/mailreader/src/main/java/mailreader2/MailreaderSupport.java>:
>Recompile with -Xlint:unchecked for details.
>> [INFO]
>> [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @
>mailreader ---
>> [INFO] Using 'UTF-8' encoding to copy filtered resources.
>> [INFO] skip non existing resourceDirectory
><https://builds.apache.org/job/Struts-examples-JDK8-dependency-
>check/ws/mailreader/src/test/resources>
>> [INFO]
>> [INFO] --- maven-compiler-plugin:3.3:testCompile (default-testCompile) @
>mailreader ---
>> [INFO] No sources to compile
>> [INFO]
>> [INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ mailreader ---
>> [INFO] No tests to run.
>> [INFO]
>> [INFO] --- maven-war-plugin:2.2:war (default-war) @ mailreader ---
>> [INFO] Packaging webapp
>> [INFO] Assembling webapp [mailreader] in
>[<https://builds.apache.org/job/Struts-examples-JDK8-dependency-
>check/ws/mailreader/target/mailreader-1.0.0]>
>> [INFO] Processing war project
>> [INFO] Copying webapp resources [<https://builds.apache.org/job/Struts-
>examples-JDK8-dependency-check/ws/mailreader/src/main/webapp]>
>> [INFO] Webapp assembled in [62 msecs]
>> [INFO] Building war: <https://builds.apache.org/job/Struts-examples-JDK8-
>dependency-check/ws/mailreader/target/mailreader-1.0.0.war>
>> [INFO] WEB-INF/web.xml already added, skipping
>> [INFO]
>> [INFO] --- dependency-check-maven:5.2.2:check (default) @ mailreader ---
>> [INFO] Checking for updates
>> [INFO] Skipping NVD check since last check was within 4 hours.
>> [INFO] Skipping RetireJS update since last update was within 24 hours.
>> [INFO] Check for updates complete (2 ms)
>> [INFO]
>>
>> Dependency-Check is an open source tool performing a best effort analysis of
>3rd party dependencies; false positives and false negatives may exist in the
>analysis performed by the tool. Use of the tool and the reporting provided
>constitutes acceptance for use in an AS IS condition, and there are NO
>warranties, implied or otherwise, with regard to the analysis or its use. Any use of
>the tool and the reporting provided is at the user?s risk. In no event shall the
>copyright holder or OWASP be held liable for any damages whatsoever arising out
>of or in connection with the use of this tool, the analysis performed, or the
>resulting report.
>>
>>
>> [INFO] Analysis Started
>> [INFO] Finished Archive Analyzer (0 seconds)
>> [INFO] Finished File Name Analyzer (0 seconds)
>> [INFO] Finished Jar Analyzer (0 seconds)
>> [INFO] Finished Dependency Merging Analyzer (0 seconds)
>> [INFO] Finished Version Filter Analyzer (0 seconds)
>> [INFO] Finished Hint Analyzer (0 seconds)
>> [INFO] Created CPE Index (1 seconds)
>> [INFO] Finished CPE Analyzer (1 seconds)
>> [INFO] Finished False Positive Analyzer (0 seconds)
>> [INFO] Finished NVD CVE Analyzer (0 seconds)
>> [INFO] Finished RetireJS Analyzer (0 seconds)
>> [INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
>> [INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
>> [INFO] Finished Dependency Bundling Analyzer (0 seconds)
>> [INFO] Analysis Complete (2 seconds)
>> [WARNING]
>>
>> One or more dependencies were identified with known vulnerabilities in Struts 2
>Mail Reader Webapp:
>>
>> struts-mailreader-dao-1.3.5.jar (pkg:maven/org.apache.struts/struts-
>mailreader-dao@1.3.5, cpe:2.3:a:apache:struts:1.3.5:*:*:*:*:*:*:*) : CVE-2011-
>3923, CVE-2012-0394, CVE-2013-2115, CVE-2014-0114, CVE-2015-0899, CVE-
>2016-1181, CVE-2016-1182
>> commons-beanutils-1.6.jar (pkg:maven/commons-beanutils/commons-
>beanutils@1.6, cpe:2.3:a:apache:commons_beanutils:1.6:*:*:*:*:*:*:*) : CVE-
>2014-0114, CVE-2019-10086
>> commons-collections-2.1.jar (pkg:maven/commons-collections/commons-
>collections@2.1, cpe:2.3:a:apache:commons_collections:2.1:*:*:*:*:*:*:*) :
>CVE-2015-6420, CVE-2017-15708, Remote code execution
>>
>>
>> See the dependency-check report for more details.
>>
>>
>> [INFO] ------------------------------------------------------------------------
>> [INFO] Reactor Summary:
>> [INFO]
>> [INFO] Struts 2 Examples 1.0.0 ............................ SUCCESS [ 20.223 s]
>> [INFO] Action chaining 1.0-SNAPSHOT ....................... SUCCESS [  4.197 s]
>> [INFO] Annotations with Convention Plugin ................. SUCCESS [  6.484 s]
>> [INFO] Basic Struts2 Example .............................. SUCCESS [  2.934 s]
>> [INFO] Bean Validation .................................... SUCCESS [  5.644 s]
>> [INFO] Struts 2 Blank Webapp .............................. SUCCESS [  8.153 s]
>> [INFO] Coding Struts 2 Action ............................. SUCCESS [  2.832 s]
>> [INFO] Control Tags ....................................... SUCCESS [  2.928 s]
>> [INFO] CRUD Example 1.0-SNAPSHOT .......................... SUCCESS [  2.954 s]
>> [INFO] Debugging Struts ................................... SUCCESS [  4.757 s]
>> [INFO] Exception handling ................................. SUCCESS [  3.112 s]
>> [INFO] Exclude Parameters ................................. SUCCESS [  2.813 s]
>> [INFO] File upload ........................................ SUCCESS [  2.716 s]
>> [INFO] Form Processing .................................... SUCCESS [  2.711 s]
>> [INFO] Form Tags .......................................... SUCCESS [  2.657 s]
>> [INFO] Form validation .................................... SUCCESS [  2.723 s]
>> [INFO] XML based form validation .......................... SUCCESS [  2.604 s]
>> [INFO] Hello World Struts 2 Example Application ........... SUCCESS [  2.583 s]
>> [INFO] Http Session ....................................... SUCCESS [  2.644 s]
>> [INFO] Struts 2 Interceptors .............................. SUCCESS [  2.400 s]
>> [INFO] JSON produce/consume 1.0-SNAPSHOT .................. SUCCESS [  6.842 s]
>> [INFO] Customized JSON produce 1.0-SNAPSHOT ............... SUCCESS [  5.530 s]
>> [INFO] Struts 2 Mail Reader Webapp ........................ FAILURE [  7.160 s]
>> [INFO] Message resource ................................... SKIPPED
>> [INFO] Message Store 1.0-SNAPSHOT ......................... SKIPPED
>> [INFO] Portlet Webapp ..................................... SKIPPED
>> [INFO] Preparable Interface ............................... SKIPPED
>> [INFO] REST to Action Mapper Example Application .......... SKIPPED
>> [INFO] REST Plugin based application with AngularJS ....... SKIPPED
>> [INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
>> [INFO] Struts2 with Spring Integration .................... SKIPPED
>> [INFO] Custom TextProvider ................................ SKIPPED
>> [INFO] Struts Tiles Example ............................... SKIPPED
>> [INFO] Struts 2 Themes .................................... SKIPPED
>> [INFO] Struts 2 Themes Override ........................... SKIPPED
>> [INFO] Type Conversion .................................... SKIPPED
>> [INFO] Unit Testing ....................................... SKIPPED
>> [INFO] Using Struts 2 Tags ................................ SKIPPED
>> [INFO] validation-messages ................................ SKIPPED
>> [INFO] Wildcard Method Selection .......................... SKIPPED
>> [INFO] Wildcard RegEx pattern matching 1 .................. SKIPPED
>> [INFO] Unknown handler 1.0.0 .............................. SKIPPED
>> [INFO] ------------------------------------------------------------------------
>> [INFO] BUILD FAILURE
>> [INFO] ------------------------------------------------------------------------
>> [INFO] Total time: 01:48 min
>> [INFO] Finished at: 2019-12-01T16:52:00Z
>> [INFO] ------------------------------------------------------------------------
>> [ERROR] Failed to execute goal org.owasp:dependency-check-
>maven:5.2.2:check (default) on project mailreader:
>> [ERROR]
>> [ERROR] One or more dependencies were identified with vulnerabilities that
>have a CVSS score greater than or equal to '7.0':
>> [ERROR]
>> [ERROR] struts-mailreader-dao-1.3.5.jar: CVE-2016-1181, CVE-2013-2115, CVE-
>2016-1182, CVE-2014-0114, CVE-2011-3923, CVE-2015-0899
>> [ERROR] commons-beanutils-1.6.jar: CVE-2014-0114, CVE-2019-10086
>> [ERROR] commons-collections-2.1.jar: CVE-2015-6420, CVE-2017-15708
>> [ERROR]
>> [ERROR] See the dependency-check report for more details.
>> [ERROR]
>> [ERROR]
>> [ERROR] -> [Help 1]
>> [ERROR]
>> [ERROR] To see the full stack trace of the errors, re-run Maven with the -e
>switch.
>> [ERROR] Re-run Maven using the -X switch to enable full debug logging.
>> [ERROR]
>> [ERROR] For more information about the errors and possible solutions, please
>read the following articles:
>> [ERROR] [Help 1]
>http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
>> [ERROR]
>> [ERROR] After correcting the problems, you can resume the build with the
>command
>> [ERROR]   mvn <goals> -rf :mailreader
>> Build step 'Execute shell' marked build as failure
>> [locks-and-latches] Releasing all the locks
>> [locks-and-latches] All the locks released
>> Setting MAVEN_3_LATEST__HOME=/home/jenkins/tools/maven/latest3/
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>> For additional commands, e-mail: dev-help@struts.apache.org
>>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
>For additional commands, e-mail: dev-help@struts.apache.org

Mime
View raw message