Hmm, I just ran `mvn dependency-check:check` and got this error while
downloading.
[ERROR] The execution of the download was interrupted
org.owasp.dependencycheck.data.update.exception.UpdateException: The
execution of the download was interrupted
at org.owasp.dependencycheck.data.update.NvdCveUpdater.performUpdate
(NvdCveUpdater.java:317)
at org.owasp.dependencycheck.data.update.NvdCveUpdater.update
(NvdCveUpdater.java:125)
at org.owasp.dependencycheck.Engine.doUpdates (Engine.java:936)
...
Caused by: java.lang.NullPointerException
at
org.owasp.dependencycheck.data.nvdcve.CveItemOperator.extractBaseEcosystemFromReferences
(CveItemOperator.java:143)
at
org.owasp.dependencycheck.data.nvdcve.CveItemOperator.extractBaseEcosystem
(CveItemOperator.java:139)
at org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability
(CveDB.java:876)
at org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse
(NvdCveParser.java:99)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON
(ProcessTask.java:139)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles
(ProcessTask.java:152)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call
(ProcessTask.java:113)
at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call
(ProcessTask.java:40)
at java.util.concurrent.FutureTask.run (FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker
(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run
(ThreadPoolExecutor.java:624)
at java.lang.Thread.run (Thread.java:748)
Maybe there is some issue when connecting to the NVD database.
On Wed, Apr 21, 2021 at 4:14 PM Atul Mohan <a...@apache.org> wrote:
>
> I'm in the process of verification, but the dependency-check failed for me
> with the following error:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *Caused by: org.owasp.dependencycheck.data.nvdcve.DatabaseException: Unable
> to parse CPE: cpe:2.3:a:perl:file::path:1.08:*:*:*:*:*:*:* at
> org.owasp.dependencycheck.data.nvdcve.CveDB.parseCpe (CveDB.java:1341)
> at org.owasp.dependencycheck.data.nvdcve.CveDB.lambda$parseCpes$3
> (CveDB.java:1298) at java.util.ArrayList.forEach (ArrayList.java:1257)
> at org.owasp.dependencycheck.data.nvdcve.CveDB.parseCpes
> (CveDB.java:1297) at
> org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability
> (CveDB.java:880) at
> org.owasp.dependencycheck.data.update.nvd.NvdCveParser.parse
> (NvdCveParser.java:99) at
> org.owasp.dependencycheck.data.update.nvd.ProcessTask.importJSON
> (ProcessTask.java:139) at
> org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles
> (ProcessTask.java:152) at
> org.owasp.dependencycheck.data.update.nvd.ProcessTask.call
> (ProcessTask.java:113) at
> org.owasp.dependencycheck.data.update.nvd.ProcessTask.call
> (ProcessTask.java:40) at java.util.concurrent.FutureTask.run
> (FutureTask.java:266) at
> java.util.concurrent.ThreadPoolExecutor.runWorker
> (ThreadPoolExecutor.java:1149) at
> java.util.concurrent.ThreadPoolExecutor$Worker.run
> (ThreadPoolExecutor.java:624) at java.lang.Thread.run (Thread.java:748)*
>
> Am I missing something?
>
> On Mon, Apr 19, 2021 at 4:33 PM Clint Wylie <cwy...@apache.org> wrote:
>
> > +1 (binding)
> >
> > src package:
> > - verified signature/checksum
> > - LICENSE/NOTICE present
> > - compiled, ran checks, unit tests
> > - built binary distribution, ingested some data and ran some queries
> >
> > binary package:
> > - verified signature/checksum
> > - LICENSE/NOTICE present
> > - ingested some data and ran some queries
> >
> > docker:
> > - verified checksum
> > - started cluster with docker-compose, ingested some data and ran some
> > queries
> >
> > Thanks for putting the release together Jihoon!
> >
> > On Fri, Apr 16, 2021 at 5:59 PM Jihoon Son <jihoon...@apache.org> wrote:
> >
> > > Hi all,
> > >
> > > I have created a build for Apache Druid 0.21.0, release
> > > candidate 1.
> > >
> > > Thanks for everyone who has helped contribute to the release! You can
> > read
> > > the proposed release notes here:
> > > https://github.com/apache/druid/issues/10752
> > >
> > > The release candidate has been tagged in GitHub as
> > > druid-0.21.0-rc1 (733697c25ff22045f14016d83b123fa18556dec8),
> > > available here:
> > > https://github.com/apache/druid/releases/tag/druid-0.21.0-rc1
> > >
> > > The artifacts to be voted on are located here:
> > > https://dist.apache.org/repos/dist/dev/druid/0.21.0-rc1/
> > >
> > > A staged Maven repository is available for review at:
> > > https://repository.apache.org/content/repositories/orgapachedruid-1023/
> > >
> > > Staged druid.apache.org website documentation is available here:
> > > https://druid.staged.apache.org/docs/0.21.0/design/index.html
> > >
> > > A Docker image containing the binary of the release candidate can be
> > > retrieved via:
> > > docker pull apache/druid:0.21.0-rc1
> > >
> > > artifact checksums
> > > src:
> > >
> > >
> > 8ff3c5ce96b6eff67a68945284e9d2280ea6fbca4ee4a3a023e74685f05dfbed84d1e9071ed5331cb0b1416cb87895d146ce733ae228070a9437375e1baca022
> > > bin:
> > >
> > >
> > 4c1b9ff4c8d89e1c78f0bc9e414ea4e855a637925959b5e4e4edd79bdbd0311f0b09cc332c6f48f982f10d9d46d2658cee802bac4e60116598d1aaf3deebf9b1
> > > docker: 33ff4044017f5974f2e250512a1dd2449078dbf1fa18dd2bd4fa511a4c9f2f78
> > >
> > > Release artifacts are signed with the following key:
> > > https://people.apache.org/keys/committer/jihoonson.asc
> > >
> > > This key and the key of other committers can also be found in the
> > project's
> > > KEYS file here:
> > > https://dist.apache.org/repos/dist/release/druid/KEYS
> > >
> > > (If you are a committer, please feel free to add your own key to that
> > file
> > > by following the instructions in the file's header.)
> > >
> > >
> > > Verify checksums:
> > > diff <(shasum -a512 apache-druid-0.21.0-src.tar.gz | \
> > > cut -d ' ' -f1) \
> > > <(cat apache-druid-0.21.0-src.tar.gz.sha512 ; echo)
> > >
> > > diff <(shasum -a512 apache-druid-0.21.0-bin.tar.gz | \
> > > cut -d ' ' -f1) \
> > > <(cat apache-druid-0.21.0-bin.tar.gz.sha512 ; echo)
> > >
> > > Verify signatures:
> > > gpg --verify apache-druid-0.21.0-src.tar.gz.asc \
> > > apache-druid-0.21.0-src.tar.gz
> > >
> > > gpg --verify apache-druid-0.21.0-bin.tar.gz.asc \
> > > apache-druid-0.21.0-bin.tar.gz
> > >
> > > Please review the proposed artifacts and vote. Note that Apache has
> > > specific requirements that must be met before +1 binding votes can be
> > cast
> > > by PMC members. Please refer to the policy at
> > > http://www.apache.org/legal/release-policy.html#policy for more details.
> > >
> > > As part of the validation process, the release artifacts can be generated
> > > from source by running:
> > > mvn clean install -Papache-release,dist -Dgpg.skip
> > >
> > > The RAT license check can be run from source by:
> > > mvn apache-rat:check -Prat
> > >
> > > This vote will be open for at least 72 hours. The vote will pass if a
> > > majority of at least three +1 PMC votes are cast.
> > >
> > > [ ] +1 Release this package as Apache Druid 0.21.0
> > > [ ] 0 I don't feel strongly about it, but I'm okay with the release
> > > [ ] -1 Do not release this package because...
> > >
> > > Thanks!
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org
> > > For additional commands, e-mail: dev-h...@druid.apache.org
> > >
> > >
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org
For additional commands, e-mail: dev-h...@druid.apache.org
