I'm also seeing a depreciation notice for the ossindex-maven-plugin as well
https://github.com/OSSIndex/ossindex-maven-plugin#deprecated-please-upgrade-to-ossindex-maven Any info please folks? Thanks On Sun, Apr 5, 2020 at 11:14 PM lewis john mcgibbney <lewi...@apache.org> wrote: > Hi dev@, > Working on TIKA-3082, I just tried to build master branch > > Downgrading my Java version to 1.8 > java -version > java version "1.8.0_221" > Java(TM) SE Runtime Environment (build 1.8.0_221-b11) > Java HotSpot(TM) 64-Bit Server VM (build 25.221-b11, mixed mode) > > [INFO] --- ossindex-maven-plugin:3.1.0:audit (audit-dependencies) @ > tika-parsers --- > [INFO] Checking for vulnerabilities; 154 artifacts > [INFO] Exclude coordinates: [] > [INFO] Exclude vulnerability identifiers: [] > [INFO] CVSS-score threshold: 0.0 > [INFO] > ------------------------------------------------------------------------ > [INFO] Reactor Summary for Apache Tika 2.0.0-SNAPSHOT: > [INFO] > [INFO] Apache Tika parent ................................. SUCCESS [ > 2.663 s] > [INFO] Apache Tika core ................................... SUCCESS [ > 10.059 s] > [INFO] Apache Tika parsers ................................ FAILURE [ > 4.035 s] > [INFO] Apache Tika OSGi bundle ............................ SKIPPED > [INFO] Apache Tika XMP .................................... SKIPPED > [INFO] Apache Tika serialization .......................... SKIPPED > [INFO] Apache Tika batch .................................. SKIPPED > [INFO] Apache Tika language detection ..................... SKIPPED > [INFO] Apache Tika application ............................ SKIPPED > [INFO] Apache Tika translate .............................. SKIPPED > [INFO] Apache Tika server ................................. SKIPPED > [INFO] Apache Tika fuzzing ................................ SKIPPED > [INFO] Apache Tika eval ................................... SKIPPED > [INFO] Apache Tika examples ............................... SKIPPED > [INFO] Apache Tika Java-7 Components ...................... SKIPPED > [INFO] Apache Tika Deep Learning (powered by DL4J) ........ SKIPPED > [INFO] Apache Tika Natural Language Processing ............ SKIPPED > [INFO] Apache Tika ........................................ SKIPPED > [INFO] > ------------------------------------------------------------------------ > [INFO] BUILD FAILURE > [INFO] > ------------------------------------------------------------------------ > [INFO] Total time: 17.641 s > [INFO] Finished at: 2020-04-05T23:08:02-07:00 > [INFO] > ------------------------------------------------------------------------ > [ERROR] Failed to execute goal > org.sonatype.ossindex.maven:ossindex-maven-plugin:3.1.0:audit > (audit-dependencies) on project tika-parsers: Detected 2 vulnerable > components: > [ERROR] org.apache.cxf:cxf-core:jar:3.3.5:compile; > https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-core@3.3.5 > [ERROR] * [CVE-2020-1954] Apache CXF has the ability to integrate with > JMX by registering an Instrumentati... (5.3); > https://ossindex.sonatype.org/vuln/20bc51e8-29c6-4168-9326-ae0ed18e5d51 > [ERROR] org.apache.cxf:cxf-rt-frontend-jaxrs:jar:3.3.5:compile; > https://ossindex.sonatype.org/component/pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs@3.3.5 > [ERROR] * [CVE-2020-1954] Apache CXF has the ability to integrate with > JMX by registering an Instrumentati... (5.3); > https://ossindex.sonatype.org/vuln/20bc51e8-29c6-4168-9326-ae0ed18e5d51 > [ERROR] > [ERROR] -> [Help 1] > [ERROR] > [ERROR] To see the full stack trace of the errors, re-run Maven with the > -e switch. > [ERROR] Re-run Maven using the -X switch to enable full debug logging. > [ERROR] > [ERROR] For more information about the errors and possible solutions, > please read the following articles: > [ERROR] [Help 1] > http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException > [ERROR] > [ERROR] After correcting the problems, you can resume the build with the > command > [ERROR] mvn <goals> -rf :tika-parsers > > Is anyone else experiencing this issue? I can't imagine I'm the only > one...! > Thanks > Lewis > > -- > http://home.apache.org/~lewismc/ > http://people.apache.org/keys/committer/lewismc > -- http://home.apache.org/~lewismc/ http://people.apache.org/keys/committer/lewismc