I've simply deactivated the plugin as proposed, so that we can do the
release.
I don't like the Idea to go back to an old version. I'm pretty sure
someone will fix that issue as we aren't the only ones using that plugin.
Andreas
Am 21.03.24 um 18:13 schrieb sahy...@fileaffairs.de:
OK - can replicate the issue too. works for me locally up to
dependency-check-maven 8.4.3 - would that be an option?
BR
Maruan
Am Donnerstag, dem 21.03.2024 um 17:38 +0100 schrieb Tilman Hausherr:
add
-Ppedantic
Tilman
On 21.03.2024 17:28, sahy...@fileaffairs.de wrote:
which mvn cmd do in need to issue to trigger the check? mvn clean
install didn't for me. Am I missing something?
BR
Maruan
Am Donnerstag, dem 21.03.2024 um 17:24 +0100 schrieb Tilman
Hausherr:
Jeremy Long wrote something that I haven't really understood.
Maybe
it
means building the NVD archive on a separate system and then
transferring it.
https://github.com/jeremylong/DependencyCheck/issues/6515#issuecomment-2011824975
However a leter message in the same issue made more sense, I'm
testing
locally with
<nvdDatafeedUrl>
https://dependency-check.github.io/DependencyCheck_Builder/nvd_cache/
</nvdDatafeedUrl>
Tilman
On 21.03.2024 09:48, sahy...@fileaffairs.de wrote:
Mhmm - is there a way to build locally and test the NVD update?
Ran it on a different project I have for a client locally and
NVD
update worked without issues and without an API key.
BR
Maruan
Am Donnerstag, dem 21.03.2024 um 08:36 +0100 schrieb Tilman
Hausherr:
I meant adding <skip>true</skip> to the <configuration> part.
Something isn't ok with NVD, maybe it got worse since then:
https://blog.fefe.de/?ts=9b0740e0
https://www.heise.de/news/Sicherheitsforscher-genervt-Luecken-Datenbank-NVD-seit-Wochen-unvollstaendig-9656574.html
Tilman
On 20.03.2024 22:05, Andreas Lehmkühler wrote:
Am 20.03.24 um 21:16 schrieb Tilman Hausherr:
If you still have the time, you could add a "skip" for
that
plugin;
the last successful build was this morning and no library
changes
were made since then. (and we still have a few days to
find
out
if
any libraries are now considered risky)
Good idea, but -Ddependency-check.skip=true doesn't work
either, it
still tries to update :-(
I'm going to continue tomorrow ....
Andreas
Tilman
On 20.03.2024 21:13, Tilman Hausherr wrote:
Seems it's a general problem:
https://github.com/jeremylong/DependencyCheck/issues/6515#issuecomment-2009879851
it also hangs on my local machine now, I don't have an
API
key.
Tilman
On 20.03.2024 20:57, Andreas Lehmkühler wrote:
Hi,
I'm trying to cut the 2.0.31 release but it always
hangs
when
the
build tries to update the NVD data.
Last week when I built the 3.0.2 release I had a
similar
effect.
The update was very slow but in the end it came to an
end
worked.
Now, nothing happens, the last words are
[INFO] [WARNING] An NVD API Key was not provided - it
is
highly
recommended to use an NVD API key as the update can
take
a
VERY
long time without an API Key
nothing more after that. It simply hangs
I've requested an api key, got one and now I'm trying
to
get
it
work, but it doesn't.
I've tried
* the mvn option -DnvdApiKey=xxxx
* define a server "nvd" in .m2/settings.xml including
the
key
and
add -DnvdApiServerId=nvd to the commandline
* define the environment variable NVD_API_KEY and add
-DnvdApiKeyEnvironmentVariable=NVD_API_KEY to the
commandline
Nothing works, I've always got those famous words: An
NVD
API
Key
was not provide ....
Any idea to get around this?
Andreas
P.S.: I'm on linux using coretto-8.332 and mvn 3.9.3
-----------------------------------------------------
----
----
--------
To unsubscribe, e-mail:
dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail:
dev-h...@pdfbox.apache.org
-------------------------------------------------------
----
----
------
To unsubscribe, e-mail:
dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail:
dev-h...@pdfbox.apache.org
---------------------------------------------------------
----
----
----
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail:
dev-h...@pdfbox.apache.org
-----------------------------------------------------------
----
----
--
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
-------------------------------------------------------------
----
----
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
---------------------------------------------------------------
----
--
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
-----------------------------------------------------------------
----
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
-------------------------------------------------------------------
--
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
