[prev in list] [next in list] [prev in thread] [next in thread]
List: struts-dev
Subject: Build failed in Jenkins: Struts-examples-JDK8-dependency-check #5
From: Apache Jenkins Server <jenkins () builds ! apache ! org>
Date: 2019-11-28 19:34:19
Message-ID: 314079524.13887.1574969660139.JavaMail.jenkins () jenkins02
[Download RAW message or body]
See <https://builds.apache.org/job/Struts-examples-JDK8-dependency-check/5/display/redirect?page=changes>
Changes:
[lukaszlenart] Uses the latest 4.x Hibernate Validator
------------------------------------------
[...truncated 13.40 KB...]
[INFO] Assembling webapp [annotations] in \
[<https://builds.apache.org/job/Struts-examples-JDK8-dependency-check/ws/annotations/target/annotations]>
[INFO] Processing war project
[INFO] Copying webapp resources \
[<https://builds.apache.org/job/Struts-examples-JDK8-dependency-check/ws/annotations/src/main/webapp]>
[INFO] Webapp assembled in [135 msecs]
[INFO] Building war: \
<https://builds.apache.org/job/Struts-examples-JDK8-dependency-check/ws/annotations/target/annotations.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:5.2.2:check (default) @ annotations ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (2 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd \
party dependencies; false positives and false negatives may exist in the analysis \
performed by the tool. Use of the tool and the reporting provided constitutes \
acceptance for use in an AS IS condition, and there are NO warranties, implied or \
otherwise, with regard to the analysis or its use. Any use of the tool and the \
reporting provided is at the user?s risk. In no event shall the copyright holder or \
OWASP be held liable for any damages whatsoever arising out of or in connection with \
the use of this tool, the analysis performed, or the resulting report.
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[INFO]
[INFO] -------------------< org.apache.struts:basic-struts >-------------------
[INFO] Building Basic Struts2 Example 1.0.0 [4/42]
[INFO] --------------------------------[ war ]---------------------------------
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ basic-struts \
--- [INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 2 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.3:compile (default-compile) @ basic-struts ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ \
basic-struts --- [INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory \
<https://builds.apache.org/job/Struts-examples-JDK8-dependency-check/ws/basic-struts/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.3:testCompile (default-testCompile) @ basic-struts \
--- [INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ basic-struts ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ basic-struts ---
[INFO] Packaging webapp
[INFO] Assembling webapp [basic-struts] in \
[<https://builds.apache.org/job/Struts-examples-JDK8-dependency-check/ws/basic-struts/target/basic-struts]>
[INFO] Processing war project
[INFO] Copying webapp resources \
[<https://builds.apache.org/job/Struts-examples-JDK8-dependency-check/ws/basic-struts/src/main/webapp]>
[INFO] Webapp assembled in [70 msecs]
[INFO] Building war: \
<https://builds.apache.org/job/Struts-examples-JDK8-dependency-check/ws/basic-struts/target/basic-struts.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:5.2.2:check (default) @ basic-struts ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (1 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd \
party dependencies; false positives and false negatives may exist in the analysis \
performed by the tool. Use of the tool and the reporting provided constitutes \
acceptance for use in an AS IS condition, and there are NO warranties, implied or \
otherwise, with regard to the analysis or its use. Any use of the tool and the \
reporting provided is at the user?s risk. In no event shall the copyright holder or \
OWASP be held liable for any damages whatsoever arising out of or in connection with \
the use of this tool, the analysis performed, or the resulting report.
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (1 seconds)
[INFO]
[INFO] -----------------< org.apache.struts:bean-validation >------------------
[INFO] Building Bean Validation 1.0.0 [5/42]
[INFO] --------------------------------[ war ]---------------------------------
Downloading from apache-public: \
https://repository.apache.org/content/groups/public/org/hibernate/hibernate-validator/4.3.2.Final/hibernate-validator-4.3.2.Final.pom
Downloading from apache-staging: \
https://repository.apache.org/content/groups/staging/org/hibernate/hibernate-validator/4.3.2.Final/hibernate-validator-4.3.2.Final.pom
Downloading from apache-snapshots: \
https://repository.apache.org/content/groups/snapshots/org/hibernate/hibernate-validator/4.3.2.Final/hibernate-validator-4.3.2.Final.pom
Downloading from oss-snapshots: \
https://oss.sonatype.org/content/repositories/snapshots/org/hibernate/hibernate-validator/4.3.2.Final/hibernate-validator-4.3.2.Final.pom
Downloading from central: \
https://repo.maven.apache.org/maven2/org/hibernate/hibernate-validator/4.3.2.Final/hibernate-validator-4.3.2.Final.pom
Progress (1): 2.2/12 kBProgress (1): 5.0/12 kBProgress (1): 7.8/12 kBProgress (1): \
11/12 kB Progress (1): 12 kB Downloaded from central: \
https://repo.maven.apache.org/maven2/org/hibernate/hibernate-validator/4.3.2.Final/hibernate-validator-4.3.2.Final.pom \
(12 kB at 119 kB/s) Downloading from apache-public: \
https://repository.apache.org/content/groups/public/org/hibernate/hibernate-validator-parent/4.3.2.Final/hibernate-validator-parent-4.3.2.Final.pom
Downloading from apache-staging: \
https://repository.apache.org/content/groups/staging/org/hibernate/hibernate-validator-parent/4.3.2.Final/hibernate-validator-parent-4.3.2.Final.pom
Downloading from apache-snapshots: \
https://repository.apache.org/content/groups/snapshots/org/hibernate/hibernate-validator-parent/4.3.2.Final/hibernate-validator-parent-4.3.2.Final.pom
Downloading from oss-snapshots: \
https://oss.sonatype.org/content/repositories/snapshots/org/hibernate/hibernate-validator-parent/4.3.2.Final/hibernate-validator-parent-4.3.2.Final.pom
Downloading from central: \
https://repo.maven.apache.org/maven2/org/hibernate/hibernate-validator-parent/4.3.2.Final/hibernate-validator-parent-4.3.2.Final.pom
Progress (1): 2.2/21 kBProgress (1): 5.0/21 kBProgress (1): 7.8/21 kBProgress (1): \
11/21 kB Progress (1): 13/21 kBProgress (1): 16/21 kBProgress (1): 19/21 kBProgress \
(1): 21/21 kBProgress (1): 21 kB Downloaded from central: \
https://repo.maven.apache.org/maven2/org/hibernate/hibernate-validator-parent/4.3.2.Final/hibernate-validator-parent-4.3.2.Final.pom \
(21 kB at 1.0 MB/s) Downloading from apache-public: \
https://repository.apache.org/content/groups/public/org/hibernate/hibernate-validator/4.3.2.Final/hibernate-validator-4.3.2.Final.jar
Downloading from apache-staging: \
https://repository.apache.org/content/groups/staging/org/hibernate/hibernate-validator/4.3.2.Final/hibernate-validator-4.3.2.Final.jar
Downloading from apache-snapshots: \
https://repository.apache.org/content/groups/snapshots/org/hibernate/hibernate-validator/4.3.2.Final/hibernate-validator-4.3.2.Final.jar
Downloading from oss-snapshots: \
https://oss.sonatype.org/content/repositories/snapshots/org/hibernate/hibernate-validator/4.3.2.Final/hibernate-validator-4.3.2.Final.jar
Downloading from central: \
https://repo.maven.apache.org/maven2/org/hibernate/hibernate-validator/4.3.2.Final/hibernate-validator-4.3.2.Final.jar
Progress (1): 2.2/485 kBProgress (1): 5.0/485 kBProgress (1): 7.7/485 kBProgress \
(1): 10/485 kB Progress (1): 13/485 kBProgress (1): 16/485 kBProgress (1): 19/485 \
kBProgress (1): 21/485 kBProgress (1): 24/485 kBProgress (1): 27/485 kBProgress (1): \
30/485 kBProgress (1): 32/485 kBProgress (1): 36/485 kBProgress (1): 40/485 \
kBProgress (1): 45/485 kBProgress (1): 49/485 kBProgress (1): 53/485 kBProgress (1): \
57/485 kBProgress (1): 61/485 kBProgress (1): 65/485 kBProgress (1): 69/485 \
kBProgress (1): 73/485 kBProgress (1): 77/485 kBProgress (1): 81/485 kBProgress (1): \
85/485 kBProgress (1): 90/485 kBProgress (1): 94/485 kBProgress (1): 98/485 \
kBProgress (1): 102/485 kBProgress (1): 106/485 kBProgress (1): 110/485 kBProgress \
(1): 114/485 kBProgress (1): 118/485 kBProgress (1): 122/485 kBProgress (1): 126/485 \
kBProgress (1): 131/485 kBProgress (1): 135/485 kBProgress (1): 139/485 kBProgress \
(1): 143/485 kBProgress (1): 147/485 kBProgress (1): 151/485 kBProgress (1): 155/485 \
kBProgress (1): 159/485 kBProgress (1): 163/485 kBProgress (1): 167/485 kBProgress \
(1): 171/485 kBProgress (1): 176/485 kBProgress (1): 180/485 kBProgress (1): 184/485 \
kBProgress (1): 188/485 kBProgress (1): 192/485 kBProgress (1): 196/485 kBProgress \
(1): 200/485 kBProgress (1): 204/485 kBProgress (1): 208/485 kBProgress (1): 212/485 \
kBProgress (1): 217/485 kBProgress (1): 221/485 kBProgress (1): 225/485 kBProgress \
(1): 229/485 kBProgress (1): 233/485 kBProgress (1): 237/485 kBProgress (1): 241/485 \
kBProgress (1): 245/485 kBProgress (1): 249/485 kBProgress (1): 253/485 kBProgress \
(1): 258/485 kBProgress (1): 262/485 kBProgress (1): 266/485 kBProgress (1): 270/485 \
kBProgress (1): 274/485 kBProgress (1): 278/485 kBProgress (1): 282/485 kBProgress \
(1): 286/485 kBProgress (1): 290/485 kBProgress (1): 294/485 kBProgress (1): 298/485 \
kBProgress (1): 303/485 kBProgress (1): 307/485 kBProgress (1): 311/485 kBProgress \
(1): 315/485 kBProgress (1): 319/485 kBProgress (1): 323/485 kBProgress (1): 327/485 \
kBProgress (1): 331/485 kBProgress (1): 335/485 kBProgress (1): 339/485 kBProgress \
(1): 344/485 kBProgress (1): 348/485 kBProgress (1): 352/485 kBProgress (1): 356/485 \
kBProgress (1): 360/485 kBProgress (1): 364/485 kBProgress (1): 368/485 kBProgress \
(1): 372/485 kBProgress (1): 376/485 kBProgress (1): 380/485 kBProgress (1): 384/485 \
kBProgress (1): 389/485 kBProgress (1): 393/485 kBProgress (1): 397/485 kBProgress \
(1): 401/485 kBProgress (1): 405/485 kBProgress (1): 409/485 kBProgress (1): 413/485 \
kBProgress (1): 417/485 kBProgress (1): 421/485 kBProgress (1): 425/485 kBProgress \
(1): 430/485 kBProgress (1): 434/485 kBProgress (1): 438/485 kBProgress (1): 442/485 \
kBProgress (1): 446/485 kBProgress (1): 450/485 kBProgress (1): 454/485 kBProgress \
(1): 458/485 kBProgress (1): 462/485 kBProgress (1): 466/485 kBProgress (1): 470/485 \
kBProgress (1): 475/485 kBProgress (1): 479/485 kBProgress (1): 483/485 kBProgress \
(1): 485 kB Downloaded from central: \
https://repo.maven.apache.org/maven2/org/hibernate/hibernate-validator/4.3.2.Final/hibernate-validator-4.3.2.Final.jar \
(485 kB at 4.8 MB/s) [INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ bean-validation \
--- [INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:3.3:compile (default-compile) @ bean-validation ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ \
bean-validation --- [INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory \
<https://builds.apache.org/job/Struts-examples-JDK8-dependency-check/ws/bean-validation/src/test/resources>
[INFO]
[INFO] --- maven-compiler-plugin:3.3:testCompile (default-testCompile) @ \
bean-validation --- [INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ bean-validation ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-war-plugin:2.2:war (default-war) @ bean-validation ---
[INFO] Packaging webapp
[INFO] Assembling webapp [bean-validation] in \
[<https://builds.apache.org/job/Struts-examples-JDK8-dependency-check/ws/bean-validation/target/bean-validation]>
[INFO] Processing war project
[INFO] Copying webapp resources \
[<https://builds.apache.org/job/Struts-examples-JDK8-dependency-check/ws/bean-validation/src/main/webapp]>
[INFO] Webapp assembled in [122 msecs]
[INFO] Building war: \
<https://builds.apache.org/job/Struts-examples-JDK8-dependency-check/ws/bean-validation/target/bean-validation.war>
[INFO] WEB-INF/web.xml already added, skipping
[INFO]
[INFO] --- dependency-check-maven:5.2.2:check (default) @ bean-validation ---
[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (2 ms)
[INFO]
Dependency-Check is an open source tool performing a best effort analysis of 3rd \
party dependencies; false positives and false negatives may exist in the analysis \
performed by the tool. Use of the tool and the reporting provided constitutes \
acceptance for use in an AS IS condition, and there are NO warranties, implied or \
otherwise, with regard to the analysis or its use. Any use of the tool and the \
reporting provided is at the user?s risk. In no event shall the copyright holder or \
OWASP be held liable for any damages whatsoever arising out of or in connection with \
the use of this tool, the analysis performed, or the resulting report.
[INFO] Analysis Started
[INFO] Finished Archive Analyzer (0 seconds)
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Jar Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished RetireJS Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (2 seconds)
[WARNING]
One or more dependencies were identified with known vulnerabilities in Bean \
Validation:
commons-beanutils-1.9.3.jar (pkg:maven/commons-beanutils/commons-beanutils@1.9.3, \
cpe:2.3:a:apache:commons_beanutils:1.9.3:*:*:*:*:*:*:*) : CVE-2019-10086
See the dependency-check report for more details.
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Struts 2 Examples 1.0.0 ............................ SUCCESS [ 31.078 s]
[INFO] Action chaining 1.0-SNAPSHOT ....................... SUCCESS [ 4.419 s]
[INFO] Annotations with Convention Plugin ................. SUCCESS [ 3.841 s]
[INFO] Basic Struts2 Example .............................. SUCCESS [ 2.695 s]
[INFO] Bean Validation .................................... FAILURE [ 8.107 s]
[INFO] Struts 2 Blank Webapp .............................. SKIPPED
[INFO] Coding Struts 2 Action ............................. SKIPPED
[INFO] Control Tags ....................................... SKIPPED
[INFO] CRUD Example 1.0-SNAPSHOT .......................... SKIPPED
[INFO] Debugging Struts ................................... SKIPPED
[INFO] Exception handling ................................. SKIPPED
[INFO] Exclude Parameters ................................. SKIPPED
[INFO] File upload ........................................ SKIPPED
[INFO] Form Processing .................................... SKIPPED
[INFO] Form Tags .......................................... SKIPPED
[INFO] Form validation .................................... SKIPPED
[INFO] XML based form validation .......................... SKIPPED
[INFO] Hello World Struts 2 Example Application ........... SKIPPED
[INFO] Http Session ....................................... SKIPPED
[INFO] Struts 2 Interceptors .............................. SKIPPED
[INFO] JSON produce/consume 1.0-SNAPSHOT .................. SKIPPED
[INFO] Customized JSON produce 1.0-SNAPSHOT ............... SKIPPED
[INFO] Struts 2 Mail Reader Webapp ........................ SKIPPED
[INFO] Message resource ................................... SKIPPED
[INFO] Message Store 1.0-SNAPSHOT ......................... SKIPPED
[INFO] Portlet Webapp ..................................... SKIPPED
[INFO] Preparable Interface ............................... SKIPPED
[INFO] REST to Action Mapper Example Application .......... SKIPPED
[INFO] REST Plugin based application with AngularJS ....... SKIPPED
[INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED
[INFO] Struts2 with Spring Integration .................... SKIPPED
[INFO] Custom TextProvider ................................ SKIPPED
[INFO] Struts Tiles Example ............................... SKIPPED
[INFO] Struts 2 Themes .................................... SKIPPED
[INFO] Struts 2 Themes Override ........................... SKIPPED
[INFO] Type Conversion .................................... SKIPPED
[INFO] Unit Testing ....................................... SKIPPED
[INFO] Using Struts 2 Tags ................................ SKIPPED
[INFO] validation-messages ................................ SKIPPED
[INFO] Wildcard Method Selection .......................... SKIPPED
[INFO] Wildcard RegEx pattern matching 1 .................. SKIPPED
[INFO] Unknown handler 1.0.0 .............................. SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 50.668 s
[INFO] Finished at: 2019-11-28T19:34:18Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:5.2.2:check (default) \
on project bean-validation: [ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a \
CVSS score greater than or equal to '7.0': [ERROR]
[ERROR] commons-beanutils-1.9.3.jar: CVE-2019-10086
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR]
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the \
following articles: [ERROR] [Help 1] \
http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException [ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :bean-validation
Build step 'Execute shell' marked build as failure
[locks-and-latches] Releasing all the locks
[locks-and-latches] All the locks released
Setting MAVEN_3_LATEST__HOME=/home/jenkins/tools/maven/latest3/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic