[jira] [Updated] (ZOOKEEPER-4960) Upgrade OWASP plugin to 12.1.3 due to recent parsing errors

Fri, 15 Aug 2025 12:33:24 -0700 


     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4960?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andor Molnar updated ZOOKEEPER-4960:
------------------------------------
    Description: 
Looks like our Owasp version 8.3.1 is outdated, because recently started to 
throw the following errors:
{noformat}
12:06:36  [ERROR] org.owasp.dependencycheck.data.nvdcve.DatabaseException: 
Unable to parse CPE: cpe:2.3:a:f5:nginx unit:*:*:*:*:*:*:*:*
12:06:36  org.owasp.dependencycheck.data.update.exception.UpdateException: 
org.owasp.dependencycheck.data.nvdcve.DatabaseException: Unable to parse CPE: 
cpe:2.3:a:f5:nginx unit:*:*:*:*:*:*:*:*
12:06:36      at 
org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles 
(ProcessTask.java:157)
12:06:36      at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call 
(ProcessTask.java:114)
12:06:36      at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call 
(ProcessTask.java:41)
12:06:36      at java.util.concurrent.FutureTask.run (FutureTask.java:266)
12:06:36      at java.util.concurrent.ThreadPoolExecutor.runWorker 
(ThreadPoolExecutor.java:1149)
12:06:36      at java.util.concurrent.ThreadPoolExecutor$Worker.run 
(ThreadPoolExecutor.java:624)
12:06:36      at java.lang.Thread.run (Thread.java:750){noformat}
-I'll try to upgrade to a more recent version which still has Java 8 support.-

We have to upgrade to 12.1.3, because the fix hasn't been backported to Java 8 
versions.

  was:
Looks like our Owasp version 8.3.1 is outdated, because recently started to 
throw the following errors:
{noformat}
12:06:36  [ERROR] org.owasp.dependencycheck.data.nvdcve.DatabaseException: 
Unable to parse CPE: cpe:2.3:a:f5:nginx unit:*:*:*:*:*:*:*:*
12:06:36  org.owasp.dependencycheck.data.update.exception.UpdateException: 
org.owasp.dependencycheck.data.nvdcve.DatabaseException: Unable to parse CPE: 
cpe:2.3:a:f5:nginx unit:*:*:*:*:*:*:*:*
12:06:36      at 
org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles 
(ProcessTask.java:157)
12:06:36      at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call 
(ProcessTask.java:114)
12:06:36      at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call 
(ProcessTask.java:41)
12:06:36      at java.util.concurrent.FutureTask.run (FutureTask.java:266)
12:06:36      at java.util.concurrent.ThreadPoolExecutor.runWorker 
(ThreadPoolExecutor.java:1149)
12:06:36      at java.util.concurrent.ThreadPoolExecutor$Worker.run 
(ThreadPoolExecutor.java:624)
12:06:36      at java.lang.Thread.run (Thread.java:750){noformat}
I'll try to upgrade to a more recent version which still has Java 8 support.


> Upgrade OWASP plugin to 12.1.3 due to recent parsing errors
> -----------------------------------------------------------
>
>                 Key: ZOOKEEPER-4960
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4960
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 3.10.0, 3.8.4, 3.9.3
>            Reporter: Andor Molnar
>            Assignee: Andor Molnar
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Looks like our Owasp version 8.3.1 is outdated, because recently started to 
> throw the following errors:
> {noformat}
> 12:06:36  [ERROR] org.owasp.dependencycheck.data.nvdcve.DatabaseException: 
> Unable to parse CPE: cpe:2.3:a:f5:nginx unit:*:*:*:*:*:*:*:*
> 12:06:36  org.owasp.dependencycheck.data.update.exception.UpdateException: 
> org.owasp.dependencycheck.data.nvdcve.DatabaseException: Unable to parse CPE: 
> cpe:2.3:a:f5:nginx unit:*:*:*:*:*:*:*:*
> 12:06:36      at 
> org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles 
> (ProcessTask.java:157)
> 12:06:36      at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call 
> (ProcessTask.java:114)
> 12:06:36      at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call 
> (ProcessTask.java:41)
> 12:06:36      at java.util.concurrent.FutureTask.run (FutureTask.java:266)
> 12:06:36      at java.util.concurrent.ThreadPoolExecutor.runWorker 
> (ThreadPoolExecutor.java:1149)
> 12:06:36      at java.util.concurrent.ThreadPoolExecutor$Worker.run 
> (ThreadPoolExecutor.java:624)
> 12:06:36      at java.lang.Thread.run (Thread.java:750){noformat}
> -I'll try to upgrade to a more recent version which still has Java 8 support.-
> We have to upgrade to 12.1.3, because the fix hasn't been backported to Java 
> 8 versions.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to