See <https://builds.apache.org/job/ZooKeeper-trunk-owasp/424/display/redirect?page=changes>
Changes: [eolivelli] ZOOKEEPER-3441: OWASP is flagging jackson-databind-2.9.9.jar for CVE-… ------------------------------------------ [...truncated 26.00 KB...] [ivy:retrieve] found org.apache.lucene#lucene-queries;7.6.0 in maven2 [ivy:retrieve] found org.apache.lucene#lucene-sandbox;7.6.0 in maven2 [ivy:retrieve] found org.apache.velocity#velocity;1.7 in maven2 [ivy:retrieve] found commons-lang#commons-lang;2.4 in maven2 [ivy:retrieve] found org.glassfish#javax.json;1.0.4 in maven2 [ivy:retrieve] found org.jsoup#jsoup;1.11.3 in maven2 [ivy:retrieve] found com.sun.mail#mailapi;1.6.3 in maven2 [ivy:retrieve] found com.google.guava#guava;27.0.1-jre in maven2 [ivy:retrieve] found com.google.guava#failureaccess;1.0.1 in maven2 [ivy:retrieve] found com.google.guava#listenablefuture;9999.0-empty-to-avoid-conflict-with-guava in maven2 [ivy:retrieve] found com.google.code.findbugs#jsr305;3.0.2 in maven2 [ivy:retrieve] found org.checkerframework#checker-qual;2.5.2 in maven2 [ivy:retrieve] found com.google.errorprone#error_prone_annotations;2.2.0 in maven2 [ivy:retrieve] found com.google.j2objc#j2objc-annotations;1.1 in maven2 [ivy:retrieve] found org.codehaus.mojo#animal-sniffer-annotations;1.17 in maven2 [ivy:retrieve] found com.h3xstream.retirejs#retirejs-core;3.0.1 in maven2 [ivy:retrieve] found org.json#json;20140107 in maven2 [ivy:retrieve] found com.esotericsoftware#minlog;1.3 in maven2 [ivy:retrieve] found com.github.spullara.mustache.java#compiler;0.8.17 in maven2 [ivy:retrieve] found com.h2database#h2;1.4.196 in maven2 [ivy:retrieve] downloading https://repo1.maven.org/maven2/org/owasp/dependency-check-ant/4.0.2/dependency-check-ant-4.0.2.jar ... [ivy:retrieve] ............ (27kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] org.owasp#dependency-check-ant;4.0.2!dependency-check-ant.jar (110ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/org/owasp/dependency-check-core/4.0.2/dependency-check-core-4.0.2.jar ... [ivy:retrieve] ..................................................... (669kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] org.owasp#dependency-check-core;4.0.2!dependency-check-core.jar (83ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/org/owasp/dependency-check-utils/4.0.2/dependency-check-utils-4.0.2.jar ... [ivy:retrieve] ............... (36kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] org.owasp#dependency-check-utils;4.0.2!dependency-check-utils.jar (36ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/org/apache/commons/commons-compress/1.18/commons-compress-1.18.jar ... [ivy:retrieve] ................................................ (577kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] org.apache.commons#commons-compress;1.18!commons-compress.jar (77ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/org/apache/commons/commons-lang3/3.4/commons-lang3-3.4.jar ... [ivy:retrieve] ...................................... (424kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] org.apache.commons#commons-lang3;3.4!commons-lang3.jar (58ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/org/apache/lucene/lucene-core/7.6.0/lucene-core-7.6.0.jar ... [ivy:retrieve] ...................................................................................................................................................................................................... (2989kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] org.apache.lucene#lucene-core;7.6.0!lucene-core.jar (211ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/org/apache/lucene/lucene-analyzers-common/7.6.0/lucene-analyzers-common-7.6.0.jar ... [ivy:retrieve] ................................................................................................................. (1622kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] org.apache.lucene#lucene-analyzers-common;7.6.0!lucene-analyzers-common.jar (82ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/org/apache/lucene/lucene-queryparser/7.6.0/lucene-queryparser-7.6.0.jar ... [ivy:retrieve] ................................... (372kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] org.apache.lucene#lucene-queryparser;7.6.0!lucene-queryparser.jar (39ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/com/sun/mail/mailapi/1.6.3/mailapi-1.6.3.jar ... [ivy:retrieve] .............................. (291kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] com.sun.mail#mailapi;1.6.3!mailapi.jar (37ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/com/google/guava/guava/27.0.1-jre/guava-27.0.1-jre.jar ... [ivy:retrieve] ................................................................................................................................................................................... (2682kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] com.google.guava#guava;27.0.1-jre!guava.jar(bundle) (260ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/com/h3xstream/retirejs/retirejs-core/3.0.1/retirejs-core-3.0.1.jar ... [ivy:retrieve] ............ (26kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] com.h3xstream.retirejs#retirejs-core;3.0.1!retirejs-core.jar (52ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/org/apache/lucene/lucene-queries/7.6.0/lucene-queries-7.6.0.jar ... [ivy:retrieve] ............................ (258kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] org.apache.lucene#lucene-queries;7.6.0!lucene-queries.jar (35ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/org/apache/lucene/lucene-sandbox/7.6.0/lucene-sandbox-7.6.0.jar ... [ivy:retrieve] ............................. (271kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] org.apache.lucene#lucene-sandbox;7.6.0!lucene-sandbox.jar (40ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar ... [ivy:retrieve] ... (4kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] com.google.guava#failureaccess;1.0.1!failureaccess.jar(bundle) (31ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar ... [ivy:retrieve] .. (2kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] com.google.guava#listenablefuture;9999.0-empty-to-avoid-conflict-with-guava!listenablefuture.jar (23ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/org/checkerframework/checker-qual/2.5.2/checker-qual-2.5.2.jar ... [ivy:retrieve] ....................... (188kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] org.checkerframework#checker-qual;2.5.2!checker-qual.jar (33ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/com/google/errorprone/error_prone_annotations/2.2.0/error_prone_annotations-2.2.0.jar ... [ivy:retrieve] ...... (13kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] com.google.errorprone#error_prone_annotations;2.2.0!error_prone_annotations.jar (25ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/com/google/j2objc/j2objc-annotations/1.1/j2objc-annotations-1.1.jar ... [ivy:retrieve] ..... (8kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] com.google.j2objc#j2objc-annotations;1.1!j2objc-annotations.jar (32ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/org/codehaus/mojo/animal-sniffer-annotations/1.17/animal-sniffer-annotations-1.17.jar ... [ivy:retrieve] ... (3kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] org.codehaus.mojo#animal-sniffer-annotations;1.17!animal-sniffer-annotations.jar (23ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/org/json/json/20140107/json-20140107.jar ... [ivy:retrieve] ............... (63kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] org.json#json;20140107!json.jar (25ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/com/esotericsoftware/minlog/1.3/minlog-1.3.jar ... [ivy:retrieve] .... (5kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] com.esotericsoftware#minlog;1.3!minlog.jar (26ms) [ivy:retrieve] downloading https://repo1.maven.org/maven2/com/github/spullara/mustache/java/compiler/0.8.17/compiler-0.8.17.jar ... [ivy:retrieve] ................... (113kB) [ivy:retrieve] .. (0kB) [ivy:retrieve] [SUCCESSFUL ] com.github.spullara.mustache.java#compiler;0.8.17!compiler.jar(bundle) (27ms) [ivy:retrieve] :: resolution report :: resolve 6119ms :: artifacts dl 1406ms --------------------------------------------------------------------- | | modules || artifacts | | conf | number| search|dwnlded|evicted|| number|dwnlded| --------------------------------------------------------------------- | owasp | 35 | 22 | 22 | 0 || 35 | 22 | --------------------------------------------------------------------- [ivy:retrieve] :: retrieving :: org.apache.zookeeper#zookeeper [ivy:retrieve] confs: [owasp] [ivy:retrieve] 35 artifacts copied, 0 already retrieved (15405kB/206ms) owasp-taskdef: ivy-retrieve: [ivy:retrieve] :: resolving dependencies :: org.apache.zookeeper#zookeeper;3.6.0-SNAPSHOT [ivy:retrieve] confs: [default] [ivy:retrieve] found jline#jline;2.11 in maven2 [ivy:retrieve] found org.eclipse.jetty#jetty-server;9.4.15.v20190215 in maven2 [ivy:retrieve] found javax.servlet#javax.servlet-api;3.1.0 in maven2 [ivy:retrieve] found org.eclipse.jetty#jetty-http;9.4.15.v20190215 in maven2 [ivy:retrieve] found org.eclipse.jetty#jetty-util;9.4.15.v20190215 in maven2 [ivy:retrieve] found org.eclipse.jetty#jetty-io;9.4.15.v20190215 in maven2 [ivy:retrieve] found org.eclipse.jetty#jetty-servlet;9.4.15.v20190215 in maven2 [ivy:retrieve] found org.eclipse.jetty#jetty-security;9.4.15.v20190215 in maven2 [ivy:retrieve] found com.fasterxml.jackson.core#jackson-databind;2.9.9.1 in maven2 [ivy:retrieve] found com.fasterxml.jackson.core#jackson-annotations;2.9.0 in maven2 [ivy:retrieve] found com.fasterxml.jackson.core#jackson-core;2.9.9 in maven2 [ivy:retrieve] found org.slf4j#slf4j-api;1.7.25 in maven2 [ivy:retrieve] found org.slf4j#slf4j-log4j12;1.7.25 in maven2 [ivy:retrieve] found commons-cli#commons-cli;1.2 in maven2 [ivy:retrieve] found com.github.spotbugs#spotbugs-annotations;3.1.9 in maven2 [ivy:retrieve] found com.google.code.findbugs#jsr305;3.0.2 in maven2 [ivy:retrieve] found log4j#log4j;1.2.17 in maven2 [ivy:retrieve] found org.apache.yetus#audience-annotations;0.5.0 in maven2 [ivy:retrieve] found io.netty#netty-all;4.1.36.Final in maven2 [ivy:retrieve] found com.googlecode.json-simple#json-simple;1.1.1 in maven2 [ivy:retrieve] found commons-lang#commons-lang;2.6 in maven2 [ivy:retrieve] found org.xerial.snappy#snappy-java;1.1.7 in maven2 [ivy:retrieve] found io.dropwizard.metrics#metrics-core;3.2.5 in maven2 [ivy:retrieve] :: resolution report :: resolve 366ms :: artifacts dl 17ms --------------------------------------------------------------------- | | modules || artifacts | | conf | number| search|dwnlded|evicted|| number|dwnlded| --------------------------------------------------------------------- | default | 23 | 0 | 0 | 0 || 23 | 0 | --------------------------------------------------------------------- [ivy:retrieve] :: retrieving :: org.apache.zookeeper#zookeeper [ivy:retrieve] confs: [default] [ivy:retrieve] 0 artifacts copied, 23 already retrieved (0kB/10ms) owasp: [owasp:dependency-check-update] Checking for updates [owasp:dependency-check-update] starting getUpdatesNeeded() ... [owasp:dependency-check-update] NVD CVE requires several updates; this could take a couple of minutes. [owasp:dependency-check-update] Download Started for NVD CVE - 2006 [owasp:dependency-check-update] Download Started for NVD CVE - 2002 [owasp:dependency-check-update] Download Started for NVD CVE - 2004 [owasp:dependency-check-update] Download Started for NVD CVE - 2003 [owasp:dependency-check-update] Download Started for NVD CVE - 2005 [owasp:dependency-check-update] Download Started for NVD CVE - 2007 [owasp:dependency-check-update] Download Started for NVD CVE - 2009 [owasp:dependency-check-update] Download Started for NVD CVE - 2008 [owasp:dependency-check-update] Download Started for NVD CVE - 2010 [owasp:dependency-check-update] Download Started for NVD CVE - 2011 [owasp:dependency-check-update] Download Started for NVD CVE - 2012 [owasp:dependency-check-update] Download Started for NVD CVE - 2013 [owasp:dependency-check-update] Download Started for NVD CVE - 2014 [owasp:dependency-check-update] Download Started for NVD CVE - 2015 [owasp:dependency-check-update] Download Started for NVD CVE - 2016 [owasp:dependency-check-update] Download Started for NVD CVE - 2017 [owasp:dependency-check-update] Download Started for NVD CVE - Modified [owasp:dependency-check-update] Download Started for NVD CVE - 2019 [owasp:dependency-check-update] Download Started for NVD CVE - 2018 [owasp:dependency-check-update] Download Complete for NVD CVE - Modified (1549 ms) [owasp:dependency-check-update] Processing Started for NVD CVE - Modified [owasp:dependency-check-update] Download Complete for NVD CVE - 2003 (1858 ms) [owasp:dependency-check-update] Processing Started for NVD CVE - 2003 [owasp:dependency-check-update] Download Complete for NVD CVE - 2004 (2014 ms) [owasp:dependency-check-update] Processing Started for NVD CVE - 2004 [owasp:dependency-check-update] Download Complete for NVD CVE - 2005 (2362 ms) [owasp:dependency-check-update] Download Complete for NVD CVE - 2013 (3218 ms) [owasp:dependency-check-update] Download Complete for NVD CVE - 2006 (3291 ms) [owasp:dependency-check-update] Download Complete for NVD CVE - 2010 (3297 ms) [owasp:dependency-check-update] Download Complete for NVD CVE - 2002 (3391 ms) [owasp:dependency-check-update] Download Complete for NVD CVE - 2008 (3415 ms) [owasp:dependency-check-update] Processing Started for NVD CVE - 2008 [owasp:dependency-check-update] Download Complete for NVD CVE - 2012 (3579 ms) [owasp:dependency-check-update] Processing Started for NVD CVE - 2002 [owasp:dependency-check-update] Download Complete for NVD CVE - 2016 (3581 ms) [owasp:dependency-check-update] Processing Started for NVD CVE - 2006 [owasp:dependency-check-update] Processing Started for NVD CVE - 2010 [owasp:dependency-check-update] Download Complete for NVD CVE - 2014 (3668 ms) [owasp:dependency-check-update] Processing Started for NVD CVE - 2013 [owasp:dependency-check-update] Processing Started for NVD CVE - 2005 [owasp:dependency-check-update] Download Complete for NVD CVE - 2009 (3963 ms) [owasp:dependency-check-update] Download Complete for NVD CVE - 2007 (4023 ms) [owasp:dependency-check-update] Download Complete for NVD CVE - 2015 (3989 ms) [owasp:dependency-check-update] Processing Started for NVD CVE - 2014 [owasp:dependency-check-update] Processing Started for NVD CVE - 2016 [owasp:dependency-check-update] Processing Started for NVD CVE - 2012 [owasp:dependency-check-update] Processing Started for NVD CVE - 2015 [owasp:dependency-check-update] Processing Started for NVD CVE - 2007 [owasp:dependency-check-update] Processing Started for NVD CVE - 2009 [owasp:dependency-check-update] Download Failed for NVD CVE - 2017 [owasp:dependency-check-update] Some CVEs may not be reported. [owasp:dependency-check-update] If you are behind a proxy you may need to configure dependency-check to use the proxy. [owasp:dependency-check-update] Download Complete for NVD CVE - 2011 (6236 ms) [owasp:dependency-check-update] Download Complete for NVD CVE - 2019 (6178 ms) [owasp:dependency-check-update] Processing Started for NVD CVE - 2011 [owasp:dependency-check-update] Processing Started for NVD CVE - 2019 [owasp:dependency-check-update] Download Failed for NVD CVE - 2018 [owasp:dependency-check-update] Some CVEs may not be reported. [owasp:dependency-check-update] If you are behind a proxy you may need to configure dependency-check to use the proxy. BUILD FAILED <https://builds.apache.org/job/ZooKeeper-trunk-owasp/ws/build.xml>:1722: org.owasp.dependencycheck.data.update.exception.UpdateException: The download was interrupted; unable to complete the update at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate(NvdCveUpdater.java:274) at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:119) at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:899) at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:871) at org.owasp.dependencycheck.taskdefs.Update.execute(Update.java:390) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:292) at jdk.internal.reflect.GeneratedMethodAccessor6.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:99) at org.apache.tools.ant.Task.perform(Task.java:350) at org.apache.tools.ant.Target.execute(Target.java:449) at org.apache.tools.ant.Target.performTasks(Target.java:470) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1391) at org.apache.tools.ant.Project.executeTarget(Project.java:1364) at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41) at org.apache.tools.ant.Project.executeTargets(Project.java:1254) at org.apache.tools.ant.Main.runBuild(Main.java:830) at org.apache.tools.ant.Main.startAnt(Main.java:223) at org.apache.tools.ant.launch.Launcher.run(Launcher.java:284) at org.apache.tools.ant.launch.Launcher.main(Launcher.java:101) Total time: 1 minute 5 seconds Build step 'Invoke Ant' marked build as failure Archiving artifacts