[PR] Bump OWASP Dependency-Check to 12.1.3 (fix CVSS v4/SAFETY crash) [solr]

Wed, 20 Aug 2025 01:48:07 -0700 


iamsanjay opened a new pull request, #3491:
URL: https://github.com/apache/solr/pull/3491

   Upgrades the owasp-dependencycheck to 12.1.3 so it handles NVD’s CVSS v4 
data.
   
   ```
   Caused by: com.fasterxml.jackson.databind.exc.ValueInstantiationException: 
Cannot construct instance of 
`io.github.jeremylong.openvulnerability.client.nvd.CvssV4Data$ModifiedCiaType`, 
problem: SAFETY
    at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION` 
disabled); line: 1, column: 5913764] (through reference chain: 
io.github.jeremylong.openvulnerability.client.nvd.CveApiJson20["vulnerabilities"]->java.util.ArrayList[1471]->io.github.jeremylong.openvulnerability.client.nvd.DefCveItem["cve"]->io.github.jeremylong.openvulnerability.client.nvd.CveItem["metrics"]->io.github.jeremylong.openvulnerability.client.nvd.Metrics["cvssMetricV40"]->java.util.ArrayList[0]->io.github.jeremylong.openvulnerability.client.nvd.CvssV4["cvssData"]->io.github.jeremylong.openvulnerability.client.nvd.CvssV4Data["modifiedSubIntegrityImpact"])
        at 
com.fasterxml.jackson.databind.exc.ValueInstantiationException.from(ValueInstantiationException.java:47)
        at 
com.fasterxml.jackson.databind.DeserializationContext.instantiationException(DeserializationContext.java:2015)
        at 
   
   ```
   https://ci-builds.apache.org/job/Solr/job/OWASP-main/


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to