[jira] [Updated] (ZOOKEEPER-4984) Upgrade OWASP plugin to 12.1.6 due to breaking changes in the API

Andor Molnar (Jira) Wed, 01 Oct 2025 13:46:55 -0700


     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-4984?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Andor Molnar updated ZOOKEEPER-4984:
------------------------------------
    Description: 
Authentication is now required for {*}Sonatype OSS Index{*}: 
[https://ossindex.sonatype.org/doc/auth-required]

I don't think we need this feature, so I won't add API key to the public repo, 
but I have to update the plugin to skip indexing with softfail.

  was:
Looks like our Owasp version 8.3.1 is outdated, because recently started to 
throw the following errors:
{noformat}
12:06:36  [ERROR] org.owasp.dependencycheck.data.nvdcve.DatabaseException: 
Unable to parse CPE: cpe:2.3:a:f5:nginx unit:*:*:*:*:*:*:*:*
12:06:36  org.owasp.dependencycheck.data.update.exception.UpdateException: 
org.owasp.dependencycheck.data.nvdcve.DatabaseException: Unable to parse CPE: 
cpe:2.3:a:f5:nginx unit:*:*:*:*:*:*:*:*
12:06:36      at 
org.owasp.dependencycheck.data.update.nvd.ProcessTask.processFiles 
(ProcessTask.java:157)
12:06:36      at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call 
(ProcessTask.java:114)
12:06:36      at org.owasp.dependencycheck.data.update.nvd.ProcessTask.call 
(ProcessTask.java:41)
12:06:36      at java.util.concurrent.FutureTask.run (FutureTask.java:266)
12:06:36      at java.util.concurrent.ThreadPoolExecutor.runWorker 
(ThreadPoolExecutor.java:1149)
12:06:36      at java.util.concurrent.ThreadPoolExecutor$Worker.run 
(ThreadPoolExecutor.java:624)
12:06:36      at java.lang.Thread.run (Thread.java:750){noformat}
-I'll try to upgrade to a more recent version which still has Java 8 support.-

We have to upgrade to 12.1.3, because the fix hasn't been backported to Java 8 
versions.


> Upgrade OWASP plugin to 12.1.6 due to breaking changes in the API
> -----------------------------------------------------------------
>
>                 Key: ZOOKEEPER-4984
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4984
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 3.10.0, 3.8.5, 3.9.4
>            Reporter: Andor Molnar
>            Assignee: Andor Molnar
>            Priority: Major
>              Labels: pull-request-available
>
> Authentication is now required for {*}Sonatype OSS Index{*}: 
> [https://ossindex.sonatype.org/doc/auth-required]
> I don't think we need this feature, so I won't add API key to the public 
> repo, but I have to update the plugin to skip indexing with softfail.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (ZOOKEEPER-4984) Upgrade OWASP plugin to 12.1.6 due to breaking changes in the API

Reply via email to