[jira] [Updated] (ZOOKEEPER-4984) Upgrade OWASP plugin to 12.1.6 due to breaking changes in the API

Wed, 01 Oct 2025 12:29:10 -0700 


     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4984?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andor Molnar updated ZOOKEEPER-4984:
------------------------------------
    Affects Version/s: 3.9.4
                       3.8.5
                           (was: 3.8.4)
                           (was: 3.9.3)

> Upgrade OWASP plugin to 12.1.6 due to breaking changes in the API
> -----------------------------------------------------------------
>
>                 Key: ZOOKEEPER-4984
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4984
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 3.10.0, 3.8.5, 3.9.4
>            Reporter: Andor Molnar
>            Assignee: Andor Molnar
>            Priority: Major
>              Labels: pull-request-available
>
> Looks like our Owasp version 8.3.1 is outdated, because recently started to 
> throw the following errors:
> {noformat}
> 12:06:36  [ERROR] org.owasp.dependencycheck.data.nvdcve.DatabaseException: 
> Unable to parse CPE: cpe:2.3:a:f5:nginx unit:*:*:*:*:*:*:*:*
> 12:06:36  org.owasp.dependencycheck.data.update.exception.UpdateException: 
> org.owasp.dependencycheck.data.nvdcve.DatabaseException: Unable to parse CPE: 
> cpe:2.3:a:f5:nginx unit:*:*:*:*:*:*:*:*
> 12:06:36      at 
> org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles 
> (ProcessTask.java:157)
> 12:06:36      at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call 
> (ProcessTask.java:114)
> 12:06:36      at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call 
> (ProcessTask.java:41)
> 12:06:36      at java.util.concurrent.FutureTask.run (FutureTask.java:266)
> 12:06:36      at java.util.concurrent.ThreadPoolExecutor.runWorker 
> (ThreadPoolExecutor.java:1149)
> 12:06:36      at java.util.concurrent.ThreadPoolExecutor$Worker.run 
> (ThreadPoolExecutor.java:624)
> 12:06:36      at java.lang.Thread.run (Thread.java:750){noformat}
> -I'll try to upgrade to a more recent version which still has Java 8 support.-
> We have to upgrade to 12.1.3, because the fix hasn't been backported to Java 
> 8 versions.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to