See <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/167/display/redirect>
Changes: ------------------------------------------ [...truncated 83 B...] The recommended git tool is: NONE No credentials specified Cloning the remote Git repository Cloning repository https://gitbox.apache.org/repos/asf/struts-examples.git > git init > <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/> > # timeout=10 Fetching upstream changes from https://gitbox.apache.org/repos/asf/struts-examples.git > git --version # timeout=10 > git --version # 'git version 2.34.1' > git fetch --tags --force --progress -- > https://gitbox.apache.org/repos/asf/struts-examples.git > +refs/heads/*:refs/remotes/origin/* # timeout=10 > git config remote.origin.url > https://gitbox.apache.org/repos/asf/struts-examples.git # timeout=10 > git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # > timeout=10 Avoid second fetch > git rev-parse refs/remotes/origin/main^{commit} # timeout=10 Checking out Revision 9293ef31a9fc751e8f392b96953d43a8f4e0bcc0 (refs/remotes/origin/main) > git config core.sparsecheckout # timeout=10 > git checkout -f 9293ef31a9fc751e8f392b96953d43a8f4e0bcc0 # timeout=10 Commit message: "Merge pull request #507 from apache/dependabot/github_actions/actions/checkout-6.0.0" > git rev-list --no-walk 9293ef31a9fc751e8f392b96953d43a8f4e0bcc0 # timeout=10 Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3 [Struts-examples-dependency-check] $ /bin/sh -xe /tmp/jenkins11805013428506321422.sh + export MAVEN_OPTS=-Xms2g -Xmx2g + export PATH=/home/jenkins/tools/maven/latest3:/home/jenkins/tools/java/latest17/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin + ./mvnw verify -Pdependency-check [INFO] Scanning for projects... Downloading from apache-public: https://repository.apache.org/content/groups/public/io/quarkus/quarkus-universe-bom/3.28.1/quarkus-universe-bom-3.28.1.pom Downloading from apache-staging: https://repository.apache.org/content/groups/staging/io/quarkus/quarkus-universe-bom/3.28.1/quarkus-universe-bom-3.28.1.pom Downloading from apache-snapshots: https://repository.apache.org/content/groups/snapshots/io/quarkus/quarkus-universe-bom/3.28.1/quarkus-universe-bom-3.28.1.pom Downloading from oss-snapshots: https://oss.sonatype.org/content/repositories/snapshots/io/quarkus/quarkus-universe-bom/3.28.1/quarkus-universe-bom-3.28.1.pom Downloading from central: https://repo.maven.apache.org/maven2/io/quarkus/quarkus-universe-bom/3.28.1/quarkus-universe-bom-3.28.1.pom Progress (1): 789 BProgress (1): 2.0 kBProgress (1): 7.9 kBProgress (1): 15 kB Progress (1): 20 kBProgress (1): 32 kBProgress (1): 40 kBProgress (1): 47 kBProgress (1): 57 kBProgress (1): 67 kBProgress (1): 74 kBProgress (1): 87 kBProgress (1): 98 kBProgress (1): 105 kBProgress (1): 115 kBProgress (1): 126 kBProgress (1): 133 kBProgress (1): 146 kBProgress (1): 153 kBProgress (1): 160 kBProgress (1): 168 kBProgress (1): 177 kBProgress (1): 184 kBProgress (1): 191 kBProgress (1): 199 kBProgress (1): 204 kBProgress (1): 210 kBProgress (1): 221 kBProgress (1): 227 kBProgress (1): 238 kBProgress (1): 249 kBProgress (1): 257 kBProgress (1): 267 kBProgress (1): 279 kBProgress (1): 288 kBProgress (1): 298 kBProgress (1): 317 kBProgress (1): 328 kBProgress (1): 341 kBProgress (1): 360 kBProgress (1): 366 kBProgress (1): 378 kBProgress (1): 393 kBProgress (1): 403 kBProgress (1): 420 kBProgress (1): 436 kBProgress (1): 448 kBProgress (1): 469 kBProgress (1): 482 kBProgress (1): 489 kBProgress (1): 500 kBProgress (1): 513 kBProgress (1): 520 kBProgress (1): 531 kBProgress (1): 540 kBProgress (1): 548 kBProgress (1): 561 kBProgress (1): 567 kBProgress (1): 577 kBProgress (1): 596 kBProgress (1): 615 kBProgress (1): 628 kBProgress (1): 648 kBProgress (1): 667 kBProgress (1): 679 kBProgress (1): 698 kBProgress (1): 711 kBProgress (1): 720 kBProgress (1): 732 kBProgress (1): 747 kBProgress (1): 758 kBProgress (1): 769 kBProgress (1): 782 kBProgress (1): 790 kBProgress (1): 803 kBProgress (1): 812 kBProgress (1): 817 kBProgress (1): 827 kBProgress (1): 835 kBProgress (1): 839 kBProgress (1): 847 kBProgress (1): 855 kBProgress (1): 861 kBProgress (1): 868 kBProgress (1): 879 kBProgress (1): 887 kBProgress (1): 894 kBProgress (1): 900 kBProgress (1): 906 kBProgress (1): 916 kBProgress (1): 926 kBProgress (1): 934 kBProgress (1): 947 kBProgress (1): 960 kBProgress (1): 968 kBProgress (1): 981 kBProgress (1): 994 kBProgress (1): 1.0 MBProgress (1): 1.0 MBProgress (1): 1.0 MB Downloaded from central: https://repo.maven.apache.org/maven2/io/quarkus/quarkus-universe-bom/3.28.1/quarkus-universe-bom-3.28.1.pom (1.0 MB at 4.3 MB/s) [WARNING] [WARNING] Some problems were encountered while building the effective model for org.apache.struts:rest-angular:war:2.0.0 [WARNING] 'build.plugins.plugin.version' for com.cj.jshintmojo:jshint-maven-plugin is missing. @ line 116, column 21 [WARNING] [WARNING] It is highly recommended to fix these problems because they threaten the stability of your build. [WARNING] [WARNING] For this reason, future Maven versions might no longer support building such malformed projects. [WARNING] [INFO] ------------------------------------------------------------------------ [INFO] Reactor Build Order: [INFO] [INFO] Struts 2 Examples [pom] [INFO] Action chaining [war] [INFO] Annotations with Convention Plugin [war] [INFO] Basic Struts2 Example [war] [INFO] Bean Validation [war] [INFO] Struts 2 Blank Webapp [war] [INFO] Coding Struts 2 Action [war] [INFO] Control Tags [war] [INFO] CRUD Example [war] [INFO] Debugging Struts [war] [INFO] Dynamic Url [war] [INFO] Exception handling [war] [INFO] Exclude Parameters [war] [INFO] Expression Cache [war] [INFO] File upload [war] [INFO] Form Processing [war] [INFO] Form Tags [war] [INFO] Form validation [war] [INFO] XML based form validation [war] [INFO] Hello World Struts 2 Example Application [war] [INFO] Http Session [war] [INFO] Struts 2 Interceptors [war] [INFO] jfreechart [war] [INFO] JSON produce/consume [war] [INFO] Customized JSON produce [war] [INFO] Struts 2 Mail Reader Webapp [war] [INFO] Message resource [war] [INFO] Message Store [war] [INFO] Preparable Interface [war] [INFO] Struts 2 Quarkus [jar] [INFO] REST to Action Mapper Example Application [war] [INFO] REST Plugin based application with AngularJS [war] [INFO] Struts2 with Basic Shiro Security Integration [war] [INFO] Struts2 with Spring Integration [war] [INFO] Custom TextProvider [war] [INFO] Struts Tiles Example [war] [INFO] Struts 2 Themes [war] [INFO] Struts 2 Themes Override [war] [INFO] Type Conversion [war] [INFO] Unit Testing [war] [INFO] Unknown handler [war] [INFO] Using Struts 2 Tags [war] [INFO] validation-messages [war] [INFO] Wildcard Method Selection [war] [INFO] Wildcard RegEx pattern matching [war] [INFO] JasperReports Tutorial [war] [INFO] Struts Sitemesh 3 Example [war] [INFO] [INFO] -----------------< org.apache.struts:struts-examples >------------------ [INFO] Building Struts 2 Examples 2.0.0 [1/47] [INFO] from pom.xml [INFO] --------------------------------[ pom ]--------------------------------- Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-core/7.0.3/struts2-core-7.0.3.pom Progress (1): 7.5/12 kBProgress (1): 8.2/12 kBProgress (1): 12 kB Downloaded from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-core/7.0.3/struts2-core-7.0.3.pom (12 kB at 63 kB/s) Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-parent/7.0.3/struts2-parent-7.0.3.pom Progress (1): 7.5/38 kBProgress (1): 8.2/38 kBProgress (1): 16/38 kB Progress (1): 23/38 kBProgress (1): 25/38 kBProgress (1): 33/38 kBProgress (1): 38 kB Downloaded from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-parent/7.0.3/struts2-parent-7.0.3.pom (38 kB at 107 kB/s) Downloading from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-core/7.0.3/struts2-core-7.0.3.jar Progress (1): 0/1.5 MBProgress (1): 0/1.5 MBProgress (1): 0/1.5 MBProgress (1): 0/1.5 MBProgress (1): 0/1.5 MBProgress (1): 0/1.5 MBProgress (1): 0/1.5 MBProgress (1): 0/1.5 MBProgress (1): 0/1.5 MBProgress (1): 0.1/1.5 MBProgress (1): 0.1/1.5 MBProgress (1): 0.1/1.5 MBProgress (1): 0.1/1.5 MBProgress (1): 0.1/1.5 MBProgress (1): 0.1/1.5 MBProgress (1): 0.1/1.5 MBProgress (1): 0.1/1.5 MBProgress (1): 0.1/1.5 MBProgress (1): 0.1/1.5 MBProgress (1): 0.1/1.5 MBProgress (1): 0.1/1.5 MBProgress (1): 0.1/1.5 MBProgress (1): 0.1/1.5 MBProgress (1): 0.1/1.5 MBProgress (1): 0.1/1.5 MBProgress (1): 0.1/1.5 MBProgress (1): 0.1/1.5 MBProgress (1): 0.2/1.5 MBProgress (1): 0.2/1.5 MBProgress (1): 0.2/1.5 MBProgress (1): 0.2/1.5 MBProgress (1): 0.2/1.5 MBProgress (1): 0.2/1.5 MBProgress (1): 0.2/1.5 MBProgress (1): 0.2/1.5 MBProgress (1): 0.2/1.5 MBProgress (1): 0.2/1.5 MBProgress (1): 0.2/1.5 MBProgress (1): 0.2/1.5 MBProgress (1): 0.2/1.5 MBProgress (1): 0.2/1.5 MBProgress (1): 0.2/1.5 MBProgress (1): 0.2/1.5 MBProgress (1): 0.2/1.5 MBProgress (1): 0.2/1.5 MBProgress (1): 0.3/1.5 MBProgress (1): 0.3/1.5 MBProgress (1): 0.3/1.5 MBProgress (1): 0.3/1.5 MBProgress (1): 0.3/1.5 MBProgress (1): 0.3/1.5 MBProgress (1): 0.3/1.5 MBProgress (1): 0.3/1.5 MBProgress (1): 0.3/1.5 MBProgress (1): 0.3/1.5 MBProgress (1): 0.3/1.5 MBProgress (1): 0.3/1.5 MBProgress (1): 0.3/1.5 MBProgress (1): 0.3/1.5 MBProgress (1): 0.3/1.5 MBProgress (1): 0.3/1.5 MBProgress (1): 0.3/1.5 MBProgress (1): 0.3/1.5 MBProgress (1): 0.4/1.5 MBProgress (1): 0.4/1.5 MBProgress (1): 0.4/1.5 MBProgress (1): 0.4/1.5 MBProgress (1): 0.4/1.5 MBProgress (1): 0.4/1.5 MBProgress (1): 0.4/1.5 MBProgress (1): 0.4/1.5 MBProgress (1): 0.4/1.5 MBProgress (1): 0.4/1.5 MBProgress (1): 0.4/1.5 MBProgress (1): 0.4/1.5 MBProgress (1): 0.4/1.5 MBProgress (1): 0.4/1.5 MBProgress (1): 0.4/1.5 MBProgress (1): 0.4/1.5 MBProgress (1): 0.4/1.5 MBProgress (1): 0.4/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.5/1.5 MBProgress (1): 0.6/1.5 MBProgress (1): 0.6/1.5 MBProgress (1): 0.6/1.5 MBProgress (1): 0.6/1.5 MBProgress (1): 0.6/1.5 MBProgress (1): 0.6/1.5 MBProgress (1): 0.6/1.5 MBProgress (1): 0.6/1.5 MBProgress (1): 0.6/1.5 MBProgress (1): 0.6/1.5 MBProgress (1): 0.6/1.5 MBProgress (1): 0.6/1.5 MBProgress (1): 0.6/1.5 MBProgress (1): 0.6/1.5 MBProgress (1): 0.6/1.5 MBProgress (1): 0.6/1.5 MBProgress (1): 0.6/1.5 MBProgress (1): 0.6/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.7/1.5 MBProgress (1): 0.8/1.5 MBProgress (1): 0.8/1.5 MBProgress (1): 0.8/1.5 MBProgress (1): 0.8/1.5 MBProgress (1): 0.8/1.5 MBProgress (1): 0.8/1.5 MBProgress (1): 0.8/1.5 MBProgress (1): 0.8/1.5 MBProgress (1): 0.8/1.5 MBProgress (1): 0.8/1.5 MBProgress (1): 0.8/1.5 MBProgress (1): 0.8/1.5 MBProgress (1): 0.8/1.5 MBProgress (1): 0.8/1.5 MBProgress (1): 0.8/1.5 MBProgress (1): 0.8/1.5 MBProgress (1): 0.8/1.5 MBProgress (1): 0.8/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 0.9/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.0/1.5 MBProgress (1): 1.1/1.5 MBProgress (1): 1.1/1.5 MBProgress (1): 1.1/1.5 MBProgress (1): 1.1/1.5 MBProgress (1): 1.1/1.5 MBProgress (1): 1.1/1.5 MBProgress (1): 1.1/1.5 MBProgress (1): 1.1/1.5 MBProgress (1): 1.1/1.5 MBProgress (1): 1.1/1.5 MBProgress (1): 1.1/1.5 MBProgress (1): 1.1/1.5 MBProgress (1): 1.1/1.5 MBProgress (1): 1.1/1.5 MBProgress (1): 1.1/1.5 MBProgress (1): 1.1/1.5 MBProgress (1): 1.1/1.5 MBProgress (1): 1.1/1.5 MBProgress (1): 1.2/1.5 MBProgress (1): 1.2/1.5 MBProgress (1): 1.2/1.5 MBProgress (1): 1.2/1.5 MBProgress (1): 1.2/1.5 MBProgress (1): 1.2/1.5 MBProgress (1): 1.2/1.5 MBProgress (1): 1.2/1.5 MBProgress (1): 1.2/1.5 MBProgress (1): 1.2/1.5 MBProgress (1): 1.2/1.5 MBProgress (1): 1.2/1.5 MBProgress (1): 1.2/1.5 MBProgress (1): 1.2/1.5 MBProgress (1): 1.2/1.5 MBProgress (1): 1.2/1.5 MBProgress (1): 1.2/1.5 MBProgress (1): 1.2/1.5 MBProgress (1): 1.3/1.5 MBProgress (1): 1.3/1.5 MBProgress (1): 1.3/1.5 MBProgress (1): 1.3/1.5 MBProgress (1): 1.3/1.5 MBProgress (1): 1.3/1.5 MBProgress (1): 1.3/1.5 MBProgress (1): 1.3/1.5 MBProgress (1): 1.3/1.5 MBProgress (1): 1.3/1.5 MBProgress (1): 1.3/1.5 MBProgress (1): 1.3/1.5 MBProgress (1): 1.3/1.5 MBProgress (1): 1.3/1.5 MBProgress (1): 1.3/1.5 MBProgress (1): 1.3/1.5 MBProgress (1): 1.3/1.5 MBProgress (1): 1.3/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.4/1.5 MBProgress (1): 1.5/1.5 MBProgress (1): 1.5/1.5 MBProgress (1): 1.5/1.5 MBProgress (1): 1.5/1.5 MBProgress (1): 1.5/1.5 MBProgress (1): 1.5/1.5 MBProgress (1): 1.5/1.5 MBProgress (1): 1.5/1.5 MBProgress (1): 1.5/1.5 MBProgress (1): 1.5/1.5 MBProgress (1): 1.5/1.5 MBProgress (1): 1.5/1.5 MBProgress (1): 1.5/1.5 MBProgress (1): 1.5/1.5 MBProgress (1): 1.5/1.5 MBProgress (1): 1.5/1.5 MBProgress (1): 1.5/1.5 MBProgress (1): 1.5 MB Downloaded from apache-public: https://repository.apache.org/content/groups/public/org/apache/struts/struts2-core/7.0.3/struts2-core-7.0.3.jar (1.5 MB at 1.4 MB/s) [INFO] [INFO] --- dependency-check:12.1.8:check (default) @ struts-examples --- [INFO] Checking for updates [WARNING] An NVD API Key was not provided - it is highly recommended to use an NVD API key as the update can take a VERY long time without an API Key [INFO] NVD API has 3,222 records in this update [INFO] Downloaded 3,222/3,222 (100%) [INFO] Completed processing batch 1/2 (50%) in 8,493ms [INFO] Completed processing batch 2/2 (100%) in 543ms [INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json [INFO] Begin database defrag [INFO] End database defrag (14517 ms) [INFO] Check for updates complete (28279 ms) [INFO] Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html [INFO] Analysis Started [INFO] Finished Archive Analyzer (0 seconds) [INFO] Finished File Name Analyzer (0 seconds) [INFO] Finished Jar Analyzer (0 seconds) [INFO] Finished Dependency Merging Analyzer (0 seconds) [INFO] Finished Hint Analyzer (0 seconds) [INFO] Finished Version Filter Analyzer (0 seconds) [INFO] Created CPE Index (3 seconds) [INFO] Finished CPE Analyzer (4 seconds) [INFO] Finished False Positive Analyzer (0 seconds) [INFO] Finished NVD CVE Analyzer (0 seconds) [INFO] Finished RetireJS Analyzer (0 seconds) [WARNING] Disabling OSS Index analyzer due to missing user/password credentials. Authentication is now required: https://ossindex.sonatype.org/doc/auth-required [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) [INFO] Finished Dependency Bundling Analyzer (0 seconds) [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.struts/struts\-core@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}cve={CVE-2016-1182,CVE-2016-1181,CVE-2014-0114,CVE-2015-0899,CVE-2011-5057,CVE-2012-0391,CVE-2012-0392,CVE-2012-0393,CVE-2012-0394,CVE-2012-0838,CVE-2013-1965,CVE-2013-1966,CVE-2013-2115,CVE-2013-2134,CVE-2013-2135,CVE-2014-0094,CVE-2014-0113,CVE-2015-5169,CVE-2016-0785,CVE-2016-4003,CVE-2015-2992,}} [INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-tiles\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^org\.apache\.struts:struts\-taglib\:1\.3\.8.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:struts, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.beanshell/bsh@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2016-2510, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:plexus-utils_project:plexus-utils, regex=false, caseSensitive=false},}cve={CVE-2017-1000487,}vulnerabilityName={PropertyType{value=Directory traversal in org.codehaus.plexus.util.Expand, regex=false, caseSensitive=false},PropertyType{value=Possible XML Injection, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/uk\.ltd\.getahead/dwr@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:getahead:direct_web_remoting, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_collections, regex=false, caseSensitive=false},}cve={CVE-2015-6420,CVE-2017-15708,}vulnerabilityName={PropertyType{value=Remote code execution, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:commons_beanutils, regex=false, caseSensitive=false},}cve={CVE-2014-0114,CVE-2019-10086,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/dom4j/dom4j@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:dom4j_project:dom4j, regex=false, caseSensitive=false},}cve={CVE-2020-10683,CVE-2018-1000632,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.tiles/tiles\-ognl@.*$, regex=true, caseSensitive=false},cve={CVE-2016-3093,}} [INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^io\.quarkus:quarkus-jdbc-postgresql:.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:postgresql:postgresql, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^io\.quarkus:quarkus-resteasy.*:.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:redhat:resteasy, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^io\.quarkus:quarkus-undertow.*:.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:redhat:undertow, regex=false, caseSensitive=false},}cve={CVE-2022-4147,}} [INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^io\.quarkus:quarkus-swagger-ui.*:.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:swagger_project:swagger-ui, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{gav=PropertyType{value=^io\.quarkus:quarkus-netty.*:.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:netty:netty, regex=false, caseSensitive=false},}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.microprofile\.config/microprofile-config-api@.*, regex=true, caseSensitive=false},cve={CVE-2022-37422,CVE-2022-45129,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/io\.quarkus/quarkus-vertx-http@.*, regex=true, caseSensitive=false},cve={CVE-2022-4147,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-.*@.*$, regex=true, caseSensitive=false},cve={CVE-2022-22965,CVE-2022-22950,CVE-2022-22968,CVE-2022-22970,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.velocity/velocity@.*, regex=true, caseSensitive=false},cve={CVE-2020-13936,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.velocity/velocity-tools@.*, regex=true, caseSensitive=false},cve={CVE-2020-13959,}} [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.thoughtworks\.xstream/xstream@1\.4\.19, regex=true, caseSensitive=false},cve={CVE-2022-40151,CVE-2022-40152,CVE-2022-40156,}} [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) [INFO] Analysis Complete (5 seconds) [INFO] Writing HTML report to: <https://ci-builds.apache.org/job/Struts/job/Struts-examples-dependency-check/ws/target/dependency-check-report.html> [WARNING] One or more dependencies were identified with known vulnerabilities in Struts 2 Examples: commons-fileupload2-core-2.0.0-M2.jar (pkg:maven/org.apache.commons/[email protected], cpe:2.3:a:apache:commons_fileupload:2.0.0:m2:*:*:*:*:*:*) : CVE-2025-48976 commons-lang3-3.17.0.jar (pkg:maven/org.apache.commons/[email protected], cpe:2.3:a:apache:commons_lang:3.17.0:*:*:*:*:*:*:*) : CVE-2025-48924 log4j-core-2.25.1.jar (pkg:maven/org.apache.logging.log4j/[email protected], cpe:2.3:a:apache:log4j:2.25.1:*:*:*:*:*:*:*) : CVE-2025-68161 struts2-core-7.0.3.jar (pkg:maven/org.apache.struts/[email protected], cpe:2.3:a:apache:struts:7.0.3:*:*:*:*:*:*:*) : CVE-2025-66675, CVE-2025-64775 See the dependency-check report for more details. [INFO] ------------------------------------------------------------------------ [INFO] Reactor Summary for Struts 2 Examples 2.0.0: [INFO] [INFO] Struts 2 Examples .................................. FAILURE [ 41.978 s] [INFO] Action chaining .................................... SKIPPED [INFO] Annotations with Convention Plugin ................. SKIPPED [INFO] Basic Struts2 Example .............................. SKIPPED [INFO] Bean Validation .................................... SKIPPED [INFO] Struts 2 Blank Webapp .............................. SKIPPED [INFO] Coding Struts 2 Action ............................. SKIPPED [INFO] Control Tags ....................................... SKIPPED [INFO] CRUD Example ....................................... SKIPPED [INFO] Debugging Struts ................................... SKIPPED [INFO] Dynamic Url ........................................ SKIPPED [INFO] Exception handling ................................. SKIPPED [INFO] Exclude Parameters ................................. SKIPPED [INFO] Expression Cache ................................... SKIPPED [INFO] File upload ........................................ SKIPPED [INFO] Form Processing .................................... SKIPPED [INFO] Form Tags .......................................... SKIPPED [INFO] Form validation .................................... SKIPPED [INFO] XML based form validation .......................... SKIPPED [INFO] Hello World Struts 2 Example Application ........... SKIPPED [INFO] Http Session ....................................... SKIPPED [INFO] Struts 2 Interceptors .............................. SKIPPED [INFO] jfreechart ......................................... SKIPPED [INFO] JSON produce/consume ............................... SKIPPED [INFO] Customized JSON produce ............................ SKIPPED [INFO] Struts 2 Mail Reader Webapp ........................ SKIPPED [INFO] Message resource ................................... SKIPPED [INFO] Message Store ...................................... SKIPPED [INFO] Preparable Interface ............................... SKIPPED [INFO] Struts 2 Quarkus ................................... SKIPPED [INFO] REST to Action Mapper Example Application .......... SKIPPED [INFO] REST Plugin based application with AngularJS ....... SKIPPED [INFO] Struts2 with Basic Shiro Security Integration ...... SKIPPED [INFO] Struts2 with Spring Integration .................... SKIPPED [INFO] Custom TextProvider ................................ SKIPPED [INFO] Struts Tiles Example ............................... SKIPPED [INFO] Struts 2 Themes .................................... SKIPPED [INFO] Struts 2 Themes Override ........................... SKIPPED [INFO] Type Conversion .................................... SKIPPED [INFO] Unit Testing ....................................... SKIPPED [INFO] Unknown handler .................................... SKIPPED [INFO] Using Struts 2 Tags ................................ SKIPPED [INFO] validation-messages ................................ SKIPPED [INFO] Wildcard Method Selection .......................... SKIPPED [INFO] Wildcard RegEx pattern matching .................... SKIPPED [INFO] JasperReports Tutorial ............................. SKIPPED [INFO] Struts Sitemesh 3 Example .......................... SKIPPED [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 44.465 s [INFO] Finished at: 2026-03-29T21:59:54Z [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal org.owasp:dependency-check-maven:12.1.8:check (default) on project struts-examples: [ERROR] [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': [ERROR] [ERROR] commons-fileupload2-core-2.0.0-M2.jar (pkg:maven/org.apache.commons/[email protected], cpe:2.3:a:apache:commons_fileupload:2.0.0:m2:*:*:*:*:*:*): CVE-2025-48976(7.5) [ERROR] struts2-core-7.0.3.jar (pkg:maven/org.apache.struts/[email protected], cpe:2.3:a:apache:struts:7.0.3:*:*:*:*:*:*:*): CVE-2025-64775(7.5), CVE-2025-66675(8.2) [ERROR] [ERROR] See the dependency-check report for more details. [ERROR] [ERROR] [ERROR] -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException Build step 'Execute shell' marked build as failure Setting MAVEN_3_LATEST_HOME=/home/jenkins/tools/maven/latest3
