19:00:19 Started by GitHub push by andreapoli 19:00:19 Running as SYSTEM 19:00:19 Building in workspace /var/lib/jenkins/workspace/GovWay 19:00:19 [WS-CLEANUP] Clean-up disabled, skipping workspace deletion. 19:00:19 The recommended git tool is: NONE 19:00:19 No credentials specified 19:00:19 > /usr/bin/git rev-parse --resolve-git-dir /var/lib/jenkins/workspace/GovWay/.git # timeout=10 19:00:19 Fetching changes from the remote Git repository 19:00:20 > /usr/bin/git config remote.origin.url https://github.com/link-it/govway.git # timeout=10 19:00:20 Fetching upstream changes from https://github.com/link-it/govway.git 19:00:20 > /usr/bin/git --version # timeout=10 19:00:20 > git --version # 'git version 2.23.1' 19:00:20 > /usr/bin/git fetch --tags --force --progress -- https://github.com/link-it/govway.git +refs/heads/*:refs/remotes/origin/* # timeout=10 19:00:21 > /usr/bin/git rev-parse origin/master^{commit} # timeout=10 19:00:21 Checking out Revision 46dace05608a4b49fa481edb04b2fc812b5bdb29 (origin/master) 19:00:21 > /usr/bin/git config core.sparsecheckout # timeout=10 19:00:21 > /usr/bin/git checkout -f 46dace05608a4b49fa481edb04b2fc812b5bdb29 # timeout=10 19:00:21 Commit message: "[GovWayCore] In presenza di messaggi SOAPWithAttachments, tramite una trasformazione è adesso possibile forzare la generazione del parametro 'start' nel Content-Type." 19:00:21 > /usr/bin/git rev-list --no-walk ceb85a1067dd0dc043efc4913fde47dd86058a51 # timeout=10 19:00:21 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 19:00:21 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 19:00:21 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 19:00:21 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 19:00:21 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 19:00:21 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 19:00:21 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 19:00:21 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 19:00:21 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 19:00:21 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 19:00:21 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 19:00:21 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 19:00:21 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 19:00:21 [GovWay] $ /bin/bash /tmp/jenkins6117489975198920419.sh 19:00:21 ============================= 19:00:21 General Info 19:00:21 Workspace: /var/lib/jenkins/workspace/GovWay 19:00:21 Build: true 19:00:21 Deploy: true 19:00:21 Test: true 19:00:21 Test Integrazione: true 19:00:21 ============================= 19:00:21 19:00:21 ============================= 19:00:21 Environment Info 19:00:21 HOME: /var/lib/jenkins 19:00:21 ANT_OPTS: -Xmx512m -XX:MaxMetaspaceSize=700m -XX:+UseG1GC 19:00:21 MAVEN_OPTS: 19:00:21 SOFTHSM2_CONF: /home/ec2-user/lib/softhsm/softhsm2.conf 19:00:21 SONAR_SCANNER_OPTS: 19:00:21 ============================= 19:00:21 19:00:21 ============================= 19:00:21 Java 19:00:21 openjdk version "11.0.12" 2021-07-20 19:00:21 OpenJDK Runtime Environment 18.9 (build 11.0.12+7) 19:00:21 OpenJDK 64-Bit Server VM 18.9 (build 11.0.12+7, mixed mode) 19:00:21 ============================= 19:00:21 19:00:21 ============================= 19:00:21 Git Info 19:00:21 Url: https://github.com/link-it/govway.git 19:00:21 branch: origin/master 19:00:21 commit: 46dace05608a4b49fa481edb04b2fc812b5bdb29 19:00:21 previuos commit: ceb85a1067dd0dc043efc4913fde47dd86058a51 19:00:21 previuos successful commit: ceb85a1067dd0dc043efc4913fde47dd86058a51 19:00:21 commit message: [GovWayCore] 19:00:21 In presenza di messaggi SOAPWithAttachments, tramite una trasformazione è adesso possibile forzare la generazione del parametro 'start' nel Content-Type. 19:00:21 ============================= 19:00:21 19:00:21 ============================= 19:00:21 NODEjs Info 19:00:21 v18.17.1 19:00:22 { 19:00:22 npm: '9.6.7', 19:00:22 node: '18.17.1', 19:00:22 acorn: '8.8.2', 19:00:22 ada: '2.5.0', 19:00:22 ares: '1.19.1', 19:00:22 brotli: '1.0.9', 19:00:22 cldr: '43.0', 19:00:22 icu: '73.1', 19:00:22 llhttp: '6.0.11', 19:00:22 modules: '108', 19:00:22 napi: '9', 19:00:22 nghttp2: '1.52.0', 19:00:22 nghttp3: '0.7.0', 19:00:22 ngtcp2: '0.8.1', 19:00:22 openssl: '3.0.10+quic', 19:00:22 simdutf: '3.2.12', 19:00:22 tz: '2023c', 19:00:22 undici: '5.22.1', 19:00:22 unicode: '15.0', 19:00:22 uv: '1.44.2', 19:00:22 uvwasi: '0.0.18', 19:00:22 v8: '10.2.154.26-node.26', 19:00:22 zlib: '1.2.13.1-motley' 19:00:22 } 19:00:22 ============================= 19:00:22 19:00:22 ============================= 19:00:22 OWASP ZAP Info 'ZAP_2.15.0' 19:00:22 Associo diritti di esecuzione agli script zap ... 19:00:22 Associati diritti di esecuzione agli script zap 19:00:22 Update ... 19:00:22 Execute: /opt/openjdk-11.0.12_7//bin/java -classpath /opt/zaproxy/ZAP_2.15.0/*:/opt/zaproxy/ZAP_2.15.0/lib/* org.zaproxy.zap.ZAP -cmd -addonupdate -port 8280 -host 127.0.0.1 19:00:23 Defaulting ZAP install dir to /opt/zaproxy/ZAP_2.15.0 19:00:39 Add-on update check complete 19:00:45 Update effettuato 19:00:45 ============================= 19:00:45 19:00:45 19:00:45 19:00:45 Fermo application server ... 19:00:45 Tomcat is not running 19:00:45 Fermo application server effettuato 19:00:45 Ripulisco log application server ... 19:00:45 Ripulisco log application server effettuato 19:00:45 Predispongo dir testsuite ... 19:00:45 Predispongo dir testsuite ok 19:00:45 Ripulisco output jacoco ... 19:00:45 Ripulisco output jacoco effettuato 19:00:45 Fermo sonarqube ... 19:00:45 19:00:45 Gracefully stopping SonarQube... 19:00:46 Stopped SonarQube. 19:00:46 Fermo sonarqube effettuato 19:00:46 Verifico che il workspace non esista ... 19:00:46 Non e' stata rilevata una corretta re-inizializzazione del Workspace 19:00:46 [Boolean condition] checking [true] against [^(1|y|yes|t|true|on|run)$] (origin token: ${GOVWAY_BUILD}) 19:00:46 Run condition [Boolean condition] enabling perform for step [BuilderChain] 19:00:46 [GovWay] $ /bin/sh -xe /tmp/jenkins2170438986142977985.sh 19:00:46 + perl -pi -e s/log4bash.appender=ColorConsoleAppender/log4bash.appender=ConsoleAppender/g /var/lib/jenkins/workspace/GovWay/distrib/log4bash.properties 19:00:46 + sed -i -e 's#<module>swagger-codegen</module>#<!-- <module>swagger-codegen</module> -->#g' /var/lib/jenkins/workspace/GovWay/mvn/dependencies/pom.xml 19:00:46 + sed -i -e s#UPDATE_DOC=true#UPDATE_DOC=false#g /var/lib/jenkins/workspace/GovWay/distrib/distrib.sh 19:00:46 + sed -i -e s#DB_VERSION=postgresql,mysql,oracle,hsql,sqlserver,db2#DB_VERSION=postgresql,mysql,oracle,hsql,sqlserver#g /var/lib/jenkins/workspace/GovWay/ant/setup/prepare-build.properties 19:00:46 [GovWay] $ /opt/apache-maven-3.6.3/bin/mvn initialize 19:00:48 [INFO] Scanning for projects... 19:00:49 [INFO] ------------------------------------------------------------------------ 19:00:49 [INFO] Reactor Build Order: 19:00:49 [INFO] 19:00:49 [INFO] govway [pom] 19:00:49 [INFO] dependencies [pom] 19:00:49 [INFO] dependencies.ant [pom] 19:00:49 [INFO] dependencies.antinstaller [pom] 19:00:49 [INFO] dependencies.axiom [pom] 19:00:49 [INFO] dependencies.bean-validation [pom] 19:00:49 [INFO] dependencies.cxf [pom] 19:00:49 [INFO] dependencies.commons [pom] 19:00:49 [INFO] dependencies.faces [pom] 19:00:49 [INFO] dependencies.git [pom] 19:00:49 [INFO] dependencies.httpcore [pom] 19:00:49 [INFO] dependencies.jackson [pom] 19:00:49 [INFO] dependencies.javax [pom] 19:00:49 [INFO] dependencies.jax [pom] 19:00:49 [INFO] dependencies.jetty [pom] 19:00:49 [INFO] dependencies.jminix [pom] 19:00:49 [INFO] dependencies.json [pom] 19:00:49 [INFO] dependencies.log [pom] 19:00:49 [INFO] dependencies.lucene [pom] 19:00:49 [INFO] dependencies.swagger [pom] 19:00:49 [INFO] dependencies.opensaml [pom] 19:00:49 [INFO] dependencies.pdf [pom] 19:00:49 [INFO] dependencies.redis [pom] 19:00:49 [INFO] dependencies.reports [pom] 19:00:49 [INFO] dependencies.saaj [pom] 19:00:49 [INFO] dependencies.security [pom] 19:00:49 [INFO] dependencies.shared [pom] 19:00:49 [INFO] dependencies.soapbox [pom] 19:00:49 [INFO] dependencies.spring [pom] 19:00:49 [INFO] dependencies.spring-ldap [pom] 19:00:49 [INFO] dependencies.spring-security [pom] 19:00:49 [INFO] dependencies.swagger [pom] 19:00:49 [INFO] dependencies.wadl [pom] 19:00:49 [INFO] dependencies.wss4j [pom] 19:00:49 [INFO] dependencies.testsuite [pom] 19:00:49 [INFO] dependencies.testsuite.axis14 [pom] 19:00:49 [INFO] dependencies.testsuite.as [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly8 [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly9 [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly10 [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly11 [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly12 [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly13 [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly14 [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly15 [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly16 [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly17 [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly18 [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly19 [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly20 [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly21 [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly22 [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly23 [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly24 [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly25 [pom] 19:00:49 [INFO] dependencies.testsuite.as.wildfly26 [pom] 19:00:49 [INFO] dependencies.testsuite.as.tomcat9 [pom] 19:00:49 [INFO] dependencies.testsuite.test [pom] 19:00:49 [INFO] dependencies.testsuite.staticAnalysis [pom] 19:00:49 [INFO] dependencies.testsuite.dynamicAnalysis [pom] 19:00:49 [INFO] dependencies.testsuite.coverage [pom] 19:00:49 [INFO] compile [pom] 19:00:49 [INFO] package [pom] 19:00:49 [INFO] testsuite.utils [pom] 19:00:49 [INFO] testsuite.utils.sql [pom] 19:00:49 [INFO] testsuite.pdd.core [pom] 19:00:49 [INFO] testsuite.pdd.core.sql [pom] 19:00:49 [INFO] static_analysis.spotbugs [pom] 19:00:49 [INFO] static_analysis.sonarqube [pom] 19:00:49 [INFO] dynamic_analysis.zap [pom] 19:00:49 [INFO] coverage.jacoco [pom] 19:00:49 [INFO] 19:00:49 [INFO] ------------------< org.openspcoop2:org.openspcoop2 >------------------- 19:00:49 [INFO] Building govway 1.0 [1/71] 19:00:49 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:49 [INFO] 19:00:49 [INFO] ------------< org.openspcoop2:org.openspcoop2.dependencies >------------ 19:00:49 [INFO] Building dependencies 1.0 [2/71] 19:00:49 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:49 [INFO] 19:00:49 [INFO] ----------------< org.openspcoop2:org.openspcoop2.ant >----------------- 19:00:49 [INFO] Building dependencies.ant 1.0 [3/71] 19:00:49 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:49 [INFO] 19:00:49 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.ant --- 19:00:49 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/ant (includes = [*.jar], excludes = []) 19:00:49 [INFO] 19:00:49 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.ant --- 19:00:51 [INFO] Copying ant-contrib-1.0b3.jar to /var/lib/jenkins/workspace/GovWay/lib/ant/ant-contrib-1.0b3.jar 19:00:51 [INFO] 19:00:51 [INFO] ------------< org.openspcoop2:org.openspcoop2.antinstaller >------------ 19:00:51 [INFO] Building dependencies.antinstaller 1.0 [4/71] 19:00:51 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:51 [INFO] 19:00:51 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.antinstaller --- 19:00:51 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/antinstaller (includes = [*.jar], excludes = []) 19:00:51 [INFO] 19:00:51 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.antinstaller --- 19:00:51 [INFO] Copying ant-installer-0.8b.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/ant-installer-0.8b.jar 19:00:51 [INFO] Copying xml-apis_antinstaller-0.8b.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/xml-apis_antinstaller-0.8b.jar 19:00:51 [INFO] Copying ai-icons-eclipse_antinstaller-0.8b.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/ai-icons-eclipse_antinstaller-0.8b.jar 19:00:51 [INFO] Copying jgoodies-edited-1.2.2-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/jgoodies-edited-1.2.2-gov4j-1.jar 19:00:51 [INFO] Copying ant-1.10.11.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/ant-1.10.11.jar 19:00:51 [INFO] Copying ant-apache-regexp-1.10.11.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/ant-apache-regexp-1.10.11.jar 19:00:51 [INFO] Copying ant-launcher-1.10.11.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/ant-launcher-1.10.11.jar 19:00:51 [INFO] Copying jakarta-regexp-1.5.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/jakarta-regexp-1.5.jar 19:00:51 [INFO] 19:00:51 [INFO] ---------------< org.openspcoop2:org.openspcoop2.axiom >---------------- 19:00:51 [INFO] Building dependencies.axiom 1.0 [5/71] 19:00:51 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:51 [INFO] 19:00:51 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.axiom --- 19:00:51 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/axiom (includes = [*.jar], excludes = []) 19:00:51 [INFO] 19:00:51 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.axiom --- 19:00:51 [INFO] Copying axiom-api-1.2.13-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-api-1.2.13-gov4j-2.jar 19:00:51 [INFO] Copying axiom-dom-1.2.13-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-dom-1.2.13-gov4j-2.jar 19:00:51 [INFO] Copying axiom-impl-1.2.13-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-impl-1.2.13-gov4j-2.jar 19:00:51 [INFO] Copying axiom-common-impl-1.2.13.jar to /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-common-impl-1.2.13.jar 19:00:51 [INFO] 19:00:51 [INFO] ----------< org.openspcoop2:org.openspcoop2.bean-validation >----------- 19:00:51 [INFO] Building dependencies.bean-validation 1.0 [6/71] 19:00:51 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:51 [INFO] 19:00:51 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.bean-validation --- 19:00:51 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/bean-validation (includes = [*.jar], excludes = []) 19:00:51 [INFO] 19:00:51 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.bean-validation --- 19:00:51 [INFO] Copying hibernate-validator-6.2.5.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/bean-validation/hibernate-validator-6.2.5.Final.jar 19:00:51 [INFO] Copying hibernate-validator-cdi-6.2.5.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/bean-validation/hibernate-validator-cdi-6.2.5.Final.jar 19:00:51 [INFO] Copying classmate-1.5.1.jar to /var/lib/jenkins/workspace/GovWay/lib/bean-validation/classmate-1.5.1.jar 19:00:51 [INFO] Copying jboss-logging-3.4.3.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/bean-validation/jboss-logging-3.4.3.Final.jar 19:00:51 [INFO] 19:00:51 [INFO] ----------------< org.openspcoop2:org.openspcoop2.cxf >----------------- 19:00:51 [INFO] Building dependencies.cxf 1.0 [7/71] 19:00:51 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:51 [INFO] 19:00:51 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.cxf --- 19:00:51 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/cxf (includes = [*.jar], excludes = []) 19:00:51 [INFO] 19:00:51 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.cxf --- 19:00:51 [INFO] Copying cxf-core-3.6.4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-core-3.6.4-gov4j-1.jar 19:00:51 [INFO] Copying cxf-rt-rs-security-jose-3.6.4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-3.6.4-gov4j-1.jar 19:00:51 [INFO] Copying cxf-rt-bindings-soap-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-bindings-soap-3.6.4.jar 19:00:51 [INFO] Copying cxf-rt-databinding-jaxb-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-databinding-jaxb-3.6.4.jar 19:00:51 [INFO] Copying cxf-rt-features-logging-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-features-logging-3.6.4.jar 19:00:51 [INFO] Copying cxf-rt-frontend-jaxrs-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-frontend-jaxrs-3.6.4.jar 19:00:51 [INFO] Copying cxf-rt-frontend-jaxws-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-frontend-jaxws-3.6.4.jar 19:00:51 [INFO] Copying cxf-rt-frontend-simple-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-frontend-simple-3.6.4.jar 19:00:51 [INFO] Copying cxf-rt-rs-json-basic-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-json-basic-3.6.4.jar 19:00:51 [INFO] Copying cxf-rt-rs-security-jose-jaxrs-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-jaxrs-3.6.4.jar 19:00:51 [INFO] Copying cxf-rt-rs-service-description-openapi-v3-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-service-description-openapi-v3-3.6.4.jar 19:00:51 [INFO] Copying cxf-rt-rs-service-description-swagger-ui-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-service-description-swagger-ui-3.6.4.jar 19:00:51 [INFO] Copying cxf-rt-rs-service-description-common-openapi-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-service-description-common-openapi-3.6.4.jar 19:00:51 [INFO] Copying cxf-rt-rs-client-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-client-3.6.4.jar 19:00:51 [INFO] Copying cxf-rt-security-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-security-3.6.4.jar 19:00:51 [INFO] Copying cxf-rt-security-saml-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-security-saml-3.6.4.jar 19:00:51 [INFO] Copying cxf-rt-transports-http-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-transports-http-3.6.4.jar 19:00:51 [INFO] Copying cxf-rt-transports-http-jetty-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-transports-http-jetty-3.6.4.jar 19:00:51 [INFO] Copying cxf-rt-wsdl-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-wsdl-3.6.4.jar 19:00:51 [INFO] Copying cxf-rt-ws-policy-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-ws-policy-3.6.4.jar 19:00:51 [INFO] Copying cxf-rt-ws-security-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-ws-security-3.6.4.jar 19:00:51 [INFO] Copying cxf-tools-common-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-tools-common-3.6.4.jar 19:00:51 [INFO] Copying cxf-tools-validator-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-tools-validator-3.6.4.jar 19:00:51 [INFO] Copying cxf-tools-wsdlto-core-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-tools-wsdlto-core-3.6.4.jar 19:00:51 [INFO] Copying cxf-tools-wsdlto-databinding-jaxb-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-tools-wsdlto-databinding-jaxb-3.6.4.jar 19:00:51 [INFO] Copying cxf-tools-wsdlto-frontend-jaxws-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-tools-wsdlto-frontend-jaxws-3.6.4.jar 19:00:51 [INFO] Copying jakarta.ws.rs-api-2.1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/jakarta.ws.rs-api-2.1.6.jar 19:00:51 [INFO] Copying stax2-api-4.2.2.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/stax2-api-4.2.2.jar 19:00:51 [INFO] Copying woodstox-core-6.6.2.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/woodstox-core-6.6.2.jar 19:00:51 [INFO] Copying xml-resolver-1.2.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/xml-resolver-1.2.jar 19:00:51 [INFO] Copying xmlschema-core-2.3.1.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/xmlschema-core-2.3.1.jar 19:00:51 [INFO] Copying asm-9.7.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/asm-9.7.jar 19:00:51 [INFO] 19:00:51 [INFO] --------------< org.openspcoop2:org.openspcoop2.commons >--------------- 19:00:51 [INFO] Building dependencies.commons 1.0 [8/71] 19:00:51 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:52 [INFO] 19:00:52 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.commons --- 19:00:52 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/commons (includes = [*.jar], excludes = []) 19:00:52 [INFO] 19:00:52 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.commons --- 19:00:52 [INFO] Copying commons-beanutils-1.9.4.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-beanutils-1.9.4.jar 19:00:52 [INFO] Copying commons-chain-1.2.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-chain-1.2.jar 19:00:52 [INFO] Copying commons-cli-1.5.0.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-cli-1.5.0.jar 19:00:52 [INFO] Copying commons-codec-1.15.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-codec-1.15.jar 19:00:52 [INFO] Copying commons-collections-3.2.2.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-collections-3.2.2.jar 19:00:52 [INFO] Copying commons-collections4-4.4.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-collections4-4.4.jar 19:00:52 [INFO] Copying commons-compress-1.26.0.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-compress-1.26.0.jar 19:00:52 [INFO] Copying commons-csv-1.9.0.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-csv-1.9.0.jar 19:00:52 [INFO] Copying commons-dbcp2-2.9.0.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-dbcp2-2.9.0.jar 19:00:52 [INFO] Copying commons-digester-2.1.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-digester-2.1.jar 19:00:52 [INFO] Copying commons-discovery-0.5.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-discovery-0.5.jar 19:00:52 [INFO] Copying commons-email-1.5.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-email-1.5.jar 19:00:52 [INFO] Copying commons-fileupload-1.5.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-fileupload-1.5.jar 19:00:52 [INFO] Copying commons-io-2.15.1.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-io-2.15.1.jar 19:00:52 [INFO] Copying commons-lang-2.6.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-lang-2.6.jar 19:00:52 [INFO] Copying commons-lang3-3.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-lang3-3.12.0.jar 19:00:52 [INFO] Copying commons-logging-1.2.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-logging-1.2.jar 19:00:52 [INFO] Copying commons-math3-3.6.1.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-math3-3.6.1.jar 19:00:52 [INFO] Copying commons-net-3.9.0.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-net-3.9.0.jar 19:00:52 [INFO] Copying commons-pool2-2.11.1.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-pool2-2.11.1.jar 19:00:52 [INFO] Copying commons-validator-1.7.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-validator-1.7.jar 19:00:52 [INFO] 19:00:52 [INFO] ---------------< org.openspcoop2:org.openspcoop2.faces >---------------- 19:00:52 [INFO] Building dependencies.faces 1.0 [9/71] 19:00:52 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:52 [INFO] 19:00:52 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.faces --- 19:00:52 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/faces (includes = [*.jar], excludes = []) 19:00:52 [INFO] 19:00:52 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.faces --- 19:00:52 [INFO] Copying facelets-taglib-jsf12-spring-4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/facelets-taglib-jsf12-spring-4-gov4j-1.jar 19:00:52 [INFO] Copying facelets-taglib-jsf20-spring-4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/facelets-taglib-jsf20-spring-4-gov4j-1.jar 19:00:52 [INFO] Copying aopalliance-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/aopalliance-1.0.jar 19:00:52 [INFO] Copying cglib-nodep-2.2.3.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/cglib-nodep-2.2.3.jar 19:00:52 [INFO] Copying el-impl-2.2.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/el-impl-2.2.jar 19:00:52 [INFO] Copying javax.faces-2.4.0.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/javax.faces-2.4.0.jar 19:00:52 [INFO] Copying javax.servlet.jsp.jstl-1.2.1.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/javax.servlet.jsp.jstl-1.2.1.jar 19:00:52 [INFO] Copying javax.servlet.jsp.jstl-api-1.2.1.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/javax.servlet.jsp.jstl-api-1.2.1.jar 19:00:52 [INFO] Copying jsf-api-1.2_15-06.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/jsf-api-1.2_15-06.jar 19:00:52 [INFO] Copying jsf-impl-1.2_15-06.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/jsf-impl-1.2_15-06.jar 19:00:52 [INFO] Copying jsf-facelets-1.1.15.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/jsf-facelets-1.1.15.jar 19:00:52 [INFO] Copying jsr311-api-1.1.1.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/jsr311-api-1.1.1.jar 19:00:52 [INFO] Copying richfaces-api-3.3.4.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/richfaces-api-3.3.4.Final.jar 19:00:52 [INFO] Copying richfaces-impl-3.3.4.Final-gov4j-4.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/richfaces-impl-3.3.4.Final-gov4j-4.jar 19:00:52 [INFO] Copying richfaces-impl-jsf2-3.3.4.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/richfaces-impl-jsf2-3.3.4.Final.jar 19:00:52 [INFO] Copying richfaces-ui-3.3.4.Final-gov4j-4.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/richfaces-ui-3.3.4.Final-gov4j-4.jar 19:00:52 [INFO] 19:00:52 [INFO] ----------------< org.openspcoop2:org.openspcoop2.git >----------------- 19:00:52 [INFO] Building dependencies.git 1.0 [10/71] 19:00:52 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:52 [INFO] 19:00:52 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.git --- 19:00:52 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/git (includes = [*.jar], excludes = []) 19:00:52 [INFO] 19:00:52 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.git --- 19:00:52 [INFO] Copying openspcoop2_git-task-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/git/openspcoop2_git-task-1.0.jar 19:00:52 [INFO] Copying org.eclipse.jgit-6.7.0.202309050840-r.jar to /var/lib/jenkins/workspace/GovWay/lib/git/org.eclipse.jgit-6.7.0.202309050840-r.jar 19:00:52 [INFO] 19:00:52 [INFO] --------------< org.openspcoop2:org.openspcoop2.httpcore >-------------- 19:00:52 [INFO] Building dependencies.httpcore 1.0 [11/71] 19:00:52 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:52 [INFO] 19:00:52 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.httpcore --- 19:00:52 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/httpcore (includes = [*.jar], excludes = []) 19:00:52 [INFO] 19:00:52 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.httpcore --- 19:00:52 [INFO] Copying httpcore-4.4.15.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpcore-4.4.15.jar 19:00:52 [INFO] Copying httpcore-nio-4.4.15.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpcore-nio-4.4.15.jar 19:00:52 [INFO] Copying httpcore-ab-4.4.15-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpcore-ab-4.4.15-gov4j-2.jar 19:00:53 [INFO] Copying apache-mime4j-core-0.8.10.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/apache-mime4j-core-0.8.10.jar 19:00:53 [INFO] Copying apache-mime4j-dom-0.8.10.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/apache-mime4j-dom-0.8.10.jar 19:00:53 [INFO] Copying fluent-hc-4.5.13.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/fluent-hc-4.5.13.jar 19:00:53 [INFO] Copying httpclient-4.5.13.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpclient-4.5.13.jar 19:00:53 [INFO] Copying httpclient-cache-4.5.13.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpclient-cache-4.5.13.jar 19:00:53 [INFO] Copying httpclient-win-4.5.13.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpclient-win-4.5.13.jar 19:00:53 [INFO] Copying httpmime-4.5.13.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpmime-4.5.13.jar 19:00:53 [INFO] Copying httpasyncclient-4.1.5.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpasyncclient-4.1.5.jar 19:00:53 [INFO] Copying httpasyncclient-cache-4.1.5.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpasyncclient-cache-4.1.5.jar 19:00:53 [INFO] 19:00:53 [INFO] --------------< org.openspcoop2:org.openspcoop2.jackson >--------------- 19:00:53 [INFO] Building dependencies.jackson 1.0 [12/71] 19:00:53 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:53 [INFO] 19:00:53 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.jackson --- 19:00:53 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jackson (includes = [*.jar], excludes = []) 19:00:53 [INFO] 19:00:53 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jackson --- 19:00:53 [INFO] Copying jackson-annotations-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-annotations-2.14.2.jar 19:00:53 [INFO] Copying jackson-core-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-core-2.14.2.jar 19:00:53 [INFO] Copying jackson-databind-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-databind-2.14.2.jar 19:00:53 [INFO] Copying jackson-dataformat-xml-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-dataformat-xml-2.14.2.jar 19:00:53 [INFO] Copying jackson-dataformat-yaml-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-dataformat-yaml-2.14.2.jar 19:00:53 [INFO] Copying jackson-jaxrs-base-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-jaxrs-base-2.14.2.jar 19:00:53 [INFO] Copying jackson-jaxrs-json-provider-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-jaxrs-json-provider-2.14.2.jar 19:00:53 [INFO] Copying jackson-jaxrs-xml-provider-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-jaxrs-xml-provider-2.14.2.jar 19:00:53 [INFO] Copying jackson-jaxrs-yaml-provider-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-jaxrs-yaml-provider-2.14.2.jar 19:00:53 [INFO] Copying jackson-module-jaxb-annotations-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-module-jaxb-annotations-2.14.2.jar 19:00:53 [INFO] Copying jackson-module-jsonSchema-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-module-jsonSchema-2.14.2.jar 19:00:53 [INFO] Copying jackson-datatype-joda-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-datatype-joda-2.14.2.jar 19:00:53 [INFO] Copying jackson-datatype-jsr310-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-datatype-jsr310-2.14.2.jar 19:00:53 [INFO] Copying jackson-coreutils-1.8.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-coreutils-1.8.jar 19:00:53 [INFO] 19:00:53 [INFO] ---------------< org.openspcoop2:org.openspcoop2.javax >---------------- 19:00:53 [INFO] Building dependencies.javax 1.0 [13/71] 19:00:53 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:53 [INFO] 19:00:53 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.javax --- 19:00:53 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/javax (includes = [*.jar], excludes = []) 19:00:53 [INFO] 19:00:53 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.javax --- 19:00:53 [INFO] Copying javax.management-1.0-gov4j.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.management-1.0-gov4j.jar 19:00:53 [INFO] Copying javax.xml.registry-api-1.0.8.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.xml.registry-api-1.0.8.jar 19:00:53 [INFO] Copying jta-1.1.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/jta-1.1.jar 19:00:53 [INFO] Copying javax.servlet-api-4.0.1.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.servlet-api-4.0.1.jar 19:00:53 [INFO] Copying javax.security.jacc-api-1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.security.jacc-api-1.6.jar 19:00:53 [INFO] Copying javax.resource-api-1.7.1.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.resource-api-1.7.1.jar 19:00:53 [INFO] Copying persistence-api-1.0.2.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/persistence-api-1.0.2.jar 19:00:53 [INFO] Copying javax.jms-api-2.0.1.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.jms-api-2.0.1.jar 19:00:53 [INFO] Copying deployment-api-1.2-rev-1.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/deployment-api-1.2-rev-1.jar 19:00:53 [INFO] Copying ejb-api-3.0.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/ejb-api-3.0.jar 19:00:53 [INFO] Copying el-api-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/el-api-1.0.jar 19:00:53 [INFO] Copying javax.annotation-api-1.3.2.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.annotation-api-1.3.2.jar 19:00:53 [INFO] Copying validation-api-2.0.1.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/validation-api-2.0.1.Final.jar 19:00:53 [INFO] Copying openjdk-orb-8.1.9.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/openjdk-orb-8.1.9.Final.jar 19:00:53 [INFO] 19:00:53 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jax >----------------- 19:00:53 [INFO] Building dependencies.jax 1.0 [14/71] 19:00:53 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:53 [INFO] 19:00:53 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.jax --- 19:00:53 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jax (includes = [*.jar], excludes = []) 19:00:53 [INFO] 19:00:53 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jax --- 19:00:53 [INFO] Copying jaxp-ri-1.4.5-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxp-ri-1.4.5-gov4j-1.jar 19:00:53 [INFO] Copying jsr181-api-1.0-MR1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jsr181-api-1.0-MR1.jar 19:00:53 [INFO] Copying jaxws-api-2.3.1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxws-api-2.3.1.jar 19:00:53 [INFO] Copying jaxb-api-2.3.1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxb-api-2.3.1.jar 19:00:53 [INFO] Copying jaxb-core-2.3.0.1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxb-core-2.3.0.1.jar 19:00:53 [INFO] Copying jaxb-impl-2.3.7.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxb-impl-2.3.7.jar 19:00:53 [INFO] Copying jaxb-xjc-2.3.7.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxb-xjc-2.3.7.jar 19:00:53 [INFO] 19:00:53 [INFO] --- copy-rename-maven-plugin:1.0:rename (rename-file) @ org.openspcoop2.jax --- 19:00:53 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/jax/jsr181-api-1.0-MR1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxws-jsr181-api-2.3.1.jar 19:00:53 [INFO] 19:00:53 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jetty >---------------- 19:00:53 [INFO] Building dependencies.jetty 1.0 [15/71] 19:00:53 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:54 [INFO] 19:00:54 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.jetty --- 19:00:54 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jetty (includes = [*.jar], excludes = []) 19:00:54 [INFO] 19:00:54 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jetty --- 19:00:54 [INFO] Copying jetty-http-10.0.24.jar to /var/lib/jenkins/workspace/GovWay/lib/jetty/jetty-http-10.0.24.jar 19:00:54 [INFO] Copying jetty-io-10.0.24.jar to /var/lib/jenkins/workspace/GovWay/lib/jetty/jetty-io-10.0.24.jar 19:00:54 [INFO] Copying jetty-security-10.0.24.jar to /var/lib/jenkins/workspace/GovWay/lib/jetty/jetty-security-10.0.24.jar 19:00:54 [INFO] Copying jetty-server-10.0.24.jar to /var/lib/jenkins/workspace/GovWay/lib/jetty/jetty-server-10.0.24.jar 19:00:54 [INFO] Copying jetty-util-10.0.24.jar to /var/lib/jenkins/workspace/GovWay/lib/jetty/jetty-util-10.0.24.jar 19:00:54 [INFO] 19:00:54 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jminix >--------------- 19:00:54 [INFO] Building dependencies.jminix 1.0 [16/71] 19:00:54 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:54 [INFO] 19:00:54 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.jminix --- 19:00:54 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jminix (includes = [*.jar], excludes = []) 19:00:54 [INFO] 19:00:54 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jminix --- 19:00:54 [INFO] Copying jminix-standalone-1.2.0-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/jminix/jminix-standalone-1.2.0-gov4j-1.jar 19:00:54 [INFO] Copying jminix-1.2.0-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/jminix/jminix-1.2.0-gov4j-1.jar 19:00:54 [INFO] Copying org.restlet-2.4.0.jar to /var/lib/jenkins/workspace/GovWay/lib/jminix/org.restlet-2.4.0.jar 19:00:54 [INFO] Copying org.restlet.ext.servlet-2.4.0.jar to /var/lib/jenkins/workspace/GovWay/lib/jminix/org.restlet.ext.servlet-2.4.0.jar 19:00:54 [INFO] Copying org.restlet.ext.velocity-2.4.0.jar to /var/lib/jenkins/workspace/GovWay/lib/jminix/org.restlet.ext.velocity-2.4.0.jar 19:00:54 [INFO] 19:00:54 [INFO] ----------------< org.openspcoop2:org.openspcoop2.json >---------------- 19:00:54 [INFO] Building dependencies.json 1.0 [17/71] 19:00:54 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:54 [INFO] 19:00:54 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.json --- 19:00:54 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/json (includes = [*.jar], excludes = []) 19:00:54 [INFO] 19:00:54 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.json --- 19:00:54 [INFO] Copying org.everit.json.schema-1.14.1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/org.everit.json.schema-1.14.1.jar 19:00:54 [INFO] Copying uri-template-0.9.jar to /var/lib/jenkins/workspace/GovWay/lib/json/uri-template-0.9.jar 19:00:54 [INFO] Copying json-schema-validator-1.0.73.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.0.73.jar 19:00:54 [INFO] Copying itu-1.7.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/itu-1.7.0.jar 19:00:54 [INFO] Copying msg-simple-1.1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/msg-simple-1.1.jar 19:00:54 [INFO] Copying libphonenumber-8.12.57.jar to /var/lib/jenkins/workspace/GovWay/lib/json/libphonenumber-8.12.57.jar 19:00:54 [INFO] Copying failureaccess-1.0.1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/failureaccess-1.0.1.jar 19:00:54 [INFO] Copying json-smart-2.4.10.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-smart-2.4.10.jar 19:00:54 [INFO] Copying json-schema-core-1.2.8.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-core-1.2.8.jar 19:00:54 [INFO] Copying json-path-2.9.0-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-path-2.9.0-gov4j-1.jar 19:00:54 [INFO] Copying json-lib-2.4-jdk15.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-lib-2.4-jdk15.jar 19:00:54 [INFO] Copying json-20231013.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-20231013.jar 19:00:54 [INFO] Copying jettison-1.5.4.jar to /var/lib/jenkins/workspace/GovWay/lib/json/jettison-1.5.4.jar 19:00:54 [INFO] Copying handy-uri-templates-2.1.8.jar to /var/lib/jenkins/workspace/GovWay/lib/json/handy-uri-templates-2.1.8.jar 19:00:54 [INFO] Copying json-schema-validator-2.2.10.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.10.jar 19:00:54 [INFO] Copying btf-1.2.jar to /var/lib/jenkins/workspace/GovWay/lib/json/btf-1.2.jar 19:00:54 [INFO] Copying accessors-smart-2.4.8.jar to /var/lib/jenkins/workspace/GovWay/lib/json/accessors-smart-2.4.8.jar 19:00:54 [INFO] 19:00:54 [INFO] --- copy-rename-maven-plugin:1.0:rename (rename-file) @ org.openspcoop2.json --- 19:00:54 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.0.73.jar to /var/lib/jenkins/workspace/GovWay/lib/json/networknt_json-schema-validator-1.0.73.jar 19:00:54 [INFO] 19:00:54 [INFO] ----------------< org.openspcoop2:org.openspcoop2.log >----------------- 19:00:54 [INFO] Building dependencies.log 1.0 [18/71] 19:00:54 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:54 [INFO] 19:00:54 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.log --- 19:00:54 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/log (includes = [*.jar], excludes = []) 19:00:54 [INFO] 19:00:54 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.log --- 19:00:54 [INFO] Copying slf4j-api-2.0.3-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/log/slf4j-api-2.0.3-gov4j-1.jar 19:00:54 [INFO] Copying log4j-1.2-api-2.19.0.jar to /var/lib/jenkins/workspace/GovWay/lib/log/log4j-1.2-api-2.19.0.jar 19:00:54 [INFO] Copying log4j-api-2.19.0.jar to /var/lib/jenkins/workspace/GovWay/lib/log/log4j-api-2.19.0.jar 19:00:54 [INFO] Copying log4j-core-2.19.0.jar to /var/lib/jenkins/workspace/GovWay/lib/log/log4j-core-2.19.0.jar 19:00:54 [INFO] Copying log4j-jcl-2.19.0.jar to /var/lib/jenkins/workspace/GovWay/lib/log/log4j-jcl-2.19.0.jar 19:00:54 [INFO] Copying log4j-slf4j2-impl-2.19.0.jar to /var/lib/jenkins/workspace/GovWay/lib/log/log4j-slf4j2-impl-2.19.0.jar 19:00:54 [INFO] 19:00:54 [INFO] ---------------< org.openspcoop2:org.openspcoop2.lucene >--------------- 19:00:54 [INFO] Building dependencies.lucene 1.0 [19/71] 19:00:54 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:54 [INFO] 19:00:54 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.lucene --- 19:00:54 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/lucene (includes = [*.jar], excludes = []) 19:00:54 [INFO] 19:00:54 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.lucene --- 19:00:54 [INFO] Copying lucene-codecs-9.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/lucene/lucene-codecs-9.12.0.jar 19:00:54 [INFO] Copying lucene-core-9.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/lucene/lucene-core-9.12.0.jar 19:00:54 [INFO] Copying lucene-misc-9.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/lucene/lucene-misc-9.12.0.jar 19:00:54 [INFO] Copying lucene-queries-9.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/lucene/lucene-queries-9.12.0.jar 19:00:54 [INFO] Copying lucene-suggest-9.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/lucene/lucene-suggest-9.12.0.jar 19:00:54 [INFO] 19:00:54 [INFO] -------------< org.openspcoop2:org.openspcoop2.openapi4j >-------------- 19:00:54 [INFO] Building dependencies.swagger 1.0 [20/71] 19:00:54 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:54 [INFO] 19:00:54 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.openapi4j --- 19:00:54 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/openapi4j (includes = [*.jar], excludes = []) 19:00:54 [INFO] 19:00:54 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.openapi4j --- 19:00:54 [INFO] Copying openapi-core-1.0.7-gov4j-7.jar to /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-core-1.0.7-gov4j-7.jar 19:00:54 [INFO] Copying openapi-parser-1.0.7-gov4j-7.jar to /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-parser-1.0.7-gov4j-7.jar 19:00:54 [INFO] Copying openapi-schema-validator-1.0.7-gov4j-7.jar to /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-schema-validator-1.0.7-gov4j-7.jar 19:00:54 [INFO] Copying openapi-operation-validator-1.0.7-gov4j-7.jar to /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-operation-validator-1.0.7-gov4j-7.jar 19:00:54 [INFO] 19:00:54 [INFO] --------------< org.openspcoop2:org.openspcoop2.opensaml >-------------- 19:00:54 [INFO] Building dependencies.opensaml 1.0 [21/71] 19:00:54 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:54 [INFO] 19:00:54 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.opensaml --- 19:00:54 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/opensaml (includes = [*.jar], excludes = []) 19:00:54 [INFO] 19:00:54 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.opensaml --- 19:00:54 [INFO] Copying opensaml-core-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-core-3.4.6.jar 19:00:54 [INFO] Copying opensaml-messaging-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-messaging-api-3.4.6.jar 19:00:54 [INFO] Copying opensaml-messaging-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-messaging-impl-3.4.6.jar 19:00:54 [INFO] Copying opensaml-profile-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-profile-api-3.4.6.jar 19:00:54 [INFO] Copying opensaml-profile-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-profile-impl-3.4.6.jar 19:00:54 [INFO] Copying opensaml-saml-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-saml-api-3.4.6.jar 19:00:54 [INFO] Copying opensaml-saml-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-saml-impl-3.4.6.jar 19:00:54 [INFO] Copying opensaml-security-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-security-api-3.4.6.jar 19:00:54 [INFO] Copying opensaml-security-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-security-impl-3.4.6.jar 19:00:54 [INFO] Copying opensaml-soap-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-soap-api-3.4.6.jar 19:00:54 [INFO] Copying opensaml-soap-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-soap-impl-3.4.6.jar 19:00:54 [INFO] Copying opensaml-storage-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-storage-api-3.4.6.jar 19:00:54 [INFO] Copying opensaml-storage-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-storage-impl-3.4.6.jar 19:00:54 [INFO] Copying opensaml-xacml-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-xacml-api-3.4.6.jar 19:00:54 [INFO] Copying opensaml-xacml-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-xacml-impl-3.4.6.jar 19:00:54 [INFO] Copying opensaml-xacml-saml-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-xacml-saml-api-3.4.6.jar 19:00:54 [INFO] Copying opensaml-xacml-saml-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-xacml-saml-impl-3.4.6.jar 19:00:54 [INFO] Copying opensaml-xmlsec-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-xmlsec-api-3.4.6.jar 19:00:54 [INFO] Copying opensaml-xmlsec-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-xmlsec-impl-3.4.6.jar 19:00:54 [INFO] Copying java-support-7.5.2.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/java-support-7.5.2.jar 19:00:54 [INFO] 19:00:54 [INFO] ----------------< org.openspcoop2:org.openspcoop2.pdf >----------------- 19:00:54 [INFO] Building dependencies.pdf 1.0 [22/71] 19:00:54 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:54 [INFO] 19:00:54 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.pdf --- 19:00:54 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/pdf (includes = [*.jar], excludes = []) 19:00:54 [INFO] 19:00:54 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.pdf --- 19:00:54 [INFO] Copying pdfbox-2.0.27.jar to /var/lib/jenkins/workspace/GovWay/lib/pdf/pdfbox-2.0.27.jar 19:00:54 [INFO] Copying fontbox-2.0.27.jar to /var/lib/jenkins/workspace/GovWay/lib/pdf/fontbox-2.0.27.jar 19:00:54 [INFO] Copying boxable-1.7.0.jar to /var/lib/jenkins/workspace/GovWay/lib/pdf/boxable-1.7.0.jar 19:00:54 [INFO] 19:00:54 [INFO] ---------------< org.openspcoop2:org.openspcoop2.redis >---------------- 19:00:54 [INFO] Building dependencies.redis 1.0 [23/71] 19:00:54 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:55 [INFO] 19:00:55 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.redis --- 19:00:55 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/redis (includes = [*.jar], excludes = []) 19:00:55 [INFO] 19:00:55 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.redis --- 19:00:55 [INFO] Copying redisson-3.23.5.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/redisson-3.23.5.jar 19:00:55 [INFO] Copying netty-resolver-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-resolver-4.1.115.Final.jar 19:00:55 [INFO] Copying netty-resolver-dns-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-resolver-dns-4.1.115.Final.jar 19:00:55 [INFO] Copying netty-common-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-common-4.1.115.Final.jar 19:00:55 [INFO] Copying netty-buffer-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-buffer-4.1.115.Final.jar 19:00:55 [INFO] Copying netty-transport-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-transport-4.1.115.Final.jar 19:00:55 [INFO] Copying netty-codec-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-codec-4.1.115.Final.jar 19:00:55 [INFO] Copying netty-codec-dns-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-codec-dns-4.1.115.Final.jar 19:00:55 [INFO] Copying jboss-marshalling-2.1.3.SP1.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/jboss-marshalling-2.1.3.SP1.jar 19:00:55 [INFO] Copying jboss-marshalling-river-2.1.3.SP1.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/jboss-marshalling-river-2.1.3.SP1.jar 19:00:55 [INFO] Copying objenesis-3.3.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/objenesis-3.3.jar 19:00:55 [INFO] Copying kryo-5.5.0.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/kryo-5.5.0.jar 19:00:55 [INFO] 19:00:55 [INFO] --------------< org.openspcoop2:org.openspcoop2.reports >--------------- 19:00:55 [INFO] Building dependencies.reports 1.0 [24/71] 19:00:55 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:55 [INFO] 19:00:55 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.reports --- 19:00:55 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/reports (includes = [*.jar], excludes = []) 19:00:55 [INFO] 19:00:55 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.reports --- 19:00:55 [INFO] Copying net.tascalate.javaflow.api-2.7.3.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/net.tascalate.javaflow.api-2.7.3.jar 19:00:55 [INFO] Copying SparseBitSet-1.2.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/SparseBitSet-1.2.jar 19:00:55 [INFO] Copying jfreechart-1.5.3.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/jfreechart-1.5.3.jar 19:00:55 [INFO] Copying poi-5.2.3.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/poi-5.2.3.jar 19:00:55 [INFO] Copying jcommon-1.0.24.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/jcommon-1.0.24.jar 19:00:55 [INFO] Copying jasperreports-6.20.0.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/jasperreports-6.20.0.jar 19:00:55 [INFO] Copying jasperreports-metadata-6.20.0.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/jasperreports-metadata-6.20.0.jar 19:00:55 [INFO] Copying ecj-3.31.0.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/ecj-3.31.0.jar 19:00:55 [INFO] Copying dynamicreports-core-6.12.1.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/dynamicreports-core-6.12.1.jar 19:00:55 [INFO] 19:00:55 [INFO] ----------------< org.openspcoop2:org.openspcoop2.saaj >---------------- 19:00:55 [INFO] Building dependencies.saaj 1.0 [25/71] 19:00:55 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:55 [INFO] 19:00:55 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.saaj --- 19:00:55 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/saaj (includes = [*.jar], excludes = []) 19:00:55 [INFO] 19:00:55 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.saaj --- 19:00:55 [INFO] Copying mimepull-1.9.14.jar to /var/lib/jenkins/workspace/GovWay/lib/saaj/mimepull-1.9.14.jar 19:00:55 [INFO] Copying javax.xml.soap-api-1.4.0.jar to /var/lib/jenkins/workspace/GovWay/lib/saaj/javax.xml.soap-api-1.4.0.jar 19:00:55 [INFO] Copying saaj-impl-1.5.3-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/saaj/saaj-impl-1.5.3-gov4j-1.jar 19:00:55 [INFO] Copying stax-ex-1.8.3.jar to /var/lib/jenkins/workspace/GovWay/lib/saaj/stax-ex-1.8.3.jar 19:00:55 [INFO] 19:00:55 [INFO] --------------< org.openspcoop2:org.openspcoop2.security >-------------- 19:00:55 [INFO] Building dependencies.security 1.0 [26/71] 19:00:55 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:55 [INFO] 19:00:55 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.security --- 19:00:55 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/security (includes = [*.jar], excludes = []) 19:00:55 [INFO] 19:00:55 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.security --- 19:00:55 [INFO] Copying bcpkix-jdk18on-1.78.1.jar to /var/lib/jenkins/workspace/GovWay/lib/security/bcpkix-jdk18on-1.78.1.jar 19:00:55 [INFO] Copying bcprov-jdk18on-1.78.1.jar to /var/lib/jenkins/workspace/GovWay/lib/security/bcprov-jdk18on-1.78.1.jar 19:00:55 [INFO] Copying bcutil-jdk18on-1.78.1.jar to /var/lib/jenkins/workspace/GovWay/lib/security/bcutil-jdk18on-1.78.1.jar 19:00:55 [INFO] Copying cryptacular-1.2.5.jar to /var/lib/jenkins/workspace/GovWay/lib/security/cryptacular-1.2.5.jar 19:00:55 [INFO] Copying herasaf-xacml-core-2.0.4.jar to /var/lib/jenkins/workspace/GovWay/lib/security/herasaf-xacml-core-2.0.4.jar 19:00:55 [INFO] Copying jasypt-1.9.3.jar to /var/lib/jenkins/workspace/GovWay/lib/security/jasypt-1.9.3.jar 19:00:55 [INFO] Copying neethi-3.2.0.jar to /var/lib/jenkins/workspace/GovWay/lib/security/neethi-3.2.0.jar 19:00:55 [INFO] Copying xmlsec-2.3.4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/security/xmlsec-2.3.4-gov4j-1.jar 19:00:55 [INFO] Copying xml-security-impl-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/security/xml-security-impl-1.0.jar 19:00:55 [INFO] Copying nimbus-jose-jwt-9.37.3.jar to /var/lib/jenkins/workspace/GovWay/lib/security/nimbus-jose-jwt-9.37.3.jar 19:00:55 [INFO] 19:00:55 [INFO] ---------------< org.openspcoop2:org.openspcoop2.shared >--------------- 19:00:55 [INFO] Building dependencies.shared 1.0 [27/71] 19:00:55 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:55 [INFO] 19:00:55 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.shared --- 19:00:55 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/shared (includes = [*.jar], excludes = []) 19:00:55 [INFO] 19:00:55 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.shared --- 19:00:55 [INFO] Copying xmldb-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xmldb-1.0.jar 19:00:55 [INFO] Copying reflections-0.10.2.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/reflections-0.10.2.jar 19:00:55 [INFO] Copying reactive-streams-1.0.4.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/reactive-streams-1.0.4.jar 19:00:55 [INFO] Copying javassist-3.29.2-GA.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/javassist-3.29.2-GA.jar 19:00:55 [INFO] Copying commons-jcs3-core-3.1-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/commons-jcs3-core-3.1-gov4j-2.jar 19:00:55 [INFO] Copying urlrewritefilter-4.0.4.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/urlrewritefilter-4.0.4.jar 19:00:55 [INFO] Copying velocity-engine-core-2.4.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/velocity-engine-core-2.4.jar 19:00:55 [INFO] Copying velocity-tools-generic-3.1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/velocity-tools-generic-3.1.jar 19:00:55 [INFO] Copying velocity-tools-view-3.1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/velocity-tools-view-3.1.jar 19:00:55 [INFO] Copying velocity-tools-view-jsp-3.1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/velocity-tools-view-jsp-3.1.jar 19:00:55 [INFO] Copying wsdl4j-1.6.3.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/wsdl4j-1.6.3.jar 19:00:55 [INFO] Copying xalan-2.7.3.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xalan-2.7.3.jar 19:00:55 [INFO] Copying serializer-2.7.3.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/serializer-2.7.3.jar 19:00:55 [INFO] Copying xercesImpl-2.12.2.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xercesImpl-2.12.2.jar 19:00:55 [INFO] Copying xml-apis-1.4.01.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xml-apis-1.4.01.jar 19:00:55 [INFO] Copying xmlunit-legacy-2.10.0.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xmlunit-legacy-2.10.0.jar 19:00:55 [INFO] Copying xmlunit-core-2.10.0.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xmlunit-core-2.10.0.jar 19:00:55 [INFO] Copying xom-1.2.11.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xom-1.2.11.jar 19:00:55 [INFO] Copying uddi4j-2.0.5.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/uddi4j-2.0.5.jar 19:00:55 [INFO] Copying mailapi-1.6.7.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/mailapi-1.6.7.jar 19:00:55 [INFO] Copying smtp-1.6.7.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/smtp-1.6.7.jar 19:00:55 [INFO] Copying Saxon-HE-11.4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/Saxon-HE-11.4-gov4j-1.jar 19:00:56 [INFO] Copying xmlresolver-4.4.3.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xmlresolver-4.4.3.jar 19:00:56 [INFO] Copying snakeyaml-1.33-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/snakeyaml-1.33-gov4j-1.jar 19:00:56 [INFO] Copying struts-core-1.3.10.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/struts-core-1.3.10.jar 19:00:56 [INFO] Copying com.springsource.edu.oswego.cs.dl.util.concurrent-1.3.4.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/com.springsource.edu.oswego.cs.dl.util.concurrent-1.3.4.jar 19:00:56 [INFO] Copying ezmorph-1.0.6.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/ezmorph-1.0.6.jar 19:00:56 [INFO] Copying freemarker-2.3.31.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/freemarker-2.3.31.jar 19:00:56 [INFO] Copying guava-32.1.1-jre.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/guava-32.1.1-jre.jar 19:00:56 [INFO] Copying java-uuid-generator-4.0.1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/java-uuid-generator-4.0.1.jar 19:00:56 [INFO] Copying joda-time-2.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/joda-time-2.12.0.jar 19:00:56 [INFO] Copying aspectjrt-1.9.9.1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/aspectjrt-1.9.9.1.jar 19:00:56 [INFO] Copying aspectjweaver-1.9.9.1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/aspectjweaver-1.9.9.1.jar 19:00:56 [INFO] Copying jakarta.activation-1.2.2.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/jakarta.activation-1.2.2.jar 19:00:56 [INFO] Copying ehcache-3.10.2.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/ehcache-3.10.2.jar 19:00:56 [INFO] Copying rhino-1.7.14.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/rhino-1.7.14.jar 19:00:56 [INFO] Copying hazelcast-5.3.5.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/hazelcast-5.3.5.jar 19:00:56 [INFO] Copying hibernate-core-6.1.4.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/hibernate-core-6.1.4.Final.jar 19:00:56 [INFO] 19:00:56 [INFO] --------------< org.openspcoop2:org.openspcoop2.soapbox >--------------- 19:00:56 [INFO] Building dependencies.soapbox 1.0 [28/71] 19:00:56 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:56 [INFO] 19:00:56 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.soapbox --- 19:00:56 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/soapbox (includes = [*.jar], excludes = []) 19:00:56 [INFO] 19:00:56 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.soapbox --- 19:00:56 [INFO] Copying metro-webservices_xwss_com_sun_xml-2.2.jar to /var/lib/jenkins/workspace/GovWay/lib/soapbox/metro-webservices_xwss_com_sun_xml-2.2.jar 19:00:56 [INFO] Copying ultraesb-api-1.7.1.jar to /var/lib/jenkins/workspace/GovWay/lib/soapbox/ultraesb-api-1.7.1.jar 19:00:56 [INFO] Copying ultraesb-core-1.7.1.jar to /var/lib/jenkins/workspace/GovWay/lib/soapbox/ultraesb-core-1.7.1.jar 19:00:56 [INFO] 19:00:56 [INFO] ---------------< org.openspcoop2:org.openspcoop2.spring >--------------- 19:00:56 [INFO] Building dependencies.spring 1.0 [29/71] 19:00:56 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:56 [INFO] 19:00:56 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.spring --- 19:00:56 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring (includes = [*.jar], excludes = []) 19:00:56 [INFO] 19:00:56 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring --- 19:00:56 [INFO] Copying spring-aop-5.3.39.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-aop-5.3.39.jar 19:00:56 [INFO] Copying spring-aspects-5.3.39.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-aspects-5.3.39.jar 19:00:56 [INFO] Copying spring-beans-5.3.39-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-beans-5.3.39-gov4j-1.jar 19:00:56 [INFO] Copying spring-context-5.3.39-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-context-5.3.39-gov4j-1.jar 19:00:56 [INFO] Copying spring-context-support-5.3.39-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-context-support-5.3.39-gov4j-1.jar 19:00:56 [INFO] Copying spring-core-5.3.39-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-core-5.3.39-gov4j-1.jar 19:00:56 [INFO] Copying spring-expression-5.3.39-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-expression-5.3.39-gov4j-1.jar 19:00:56 [INFO] Copying spring-orm-5.3.39.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-orm-5.3.39.jar 19:00:56 [INFO] Copying spring-tx-5.3.39.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-tx-5.3.39.jar 19:00:56 [INFO] Copying spring-web-5.3.39-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-web-5.3.39-gov4j-1.jar 19:00:56 [INFO] 19:00:56 [INFO] ------------< org.openspcoop2:org.openspcoop2.spring-ldap >------------- 19:00:56 [INFO] Building dependencies.spring-ldap 1.0 [30/71] 19:00:56 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:56 [INFO] 19:00:56 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.spring-ldap --- 19:00:56 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-ldap (includes = [*.jar], excludes = []) 19:00:56 [INFO] 19:00:56 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-ldap --- 19:00:56 [INFO] Copying spring-ldap-core-2.4.2.jar to /var/lib/jenkins/workspace/GovWay/lib/spring-ldap/spring-ldap-core-2.4.2.jar 19:00:56 [INFO] Copying spring-ldap-ldif-core-2.4.2.jar to /var/lib/jenkins/workspace/GovWay/lib/spring-ldap/spring-ldap-ldif-core-2.4.2.jar 19:00:56 [INFO] 19:00:56 [INFO] ----------< org.openspcoop2:org.openspcoop2.spring-security >----------- 19:00:56 [INFO] Building dependencies.spring-security 1.0 [31/71] 19:00:56 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:56 [INFO] 19:00:56 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.spring-security --- 19:00:56 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-security (includes = [*.jar], excludes = []) 19:00:56 [INFO] 19:00:56 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-security --- 19:00:56 [INFO] Copying spring-security-config-5.8.15.jar to /var/lib/jenkins/workspace/GovWay/lib/spring-security/spring-security-config-5.8.15.jar 19:00:56 [INFO] Copying spring-security-core-5.8.15.jar to /var/lib/jenkins/workspace/GovWay/lib/spring-security/spring-security-core-5.8.15.jar 19:00:56 [INFO] Copying spring-security-web-5.8.15.jar to /var/lib/jenkins/workspace/GovWay/lib/spring-security/spring-security-web-5.8.15.jar 19:00:56 [INFO] Copying spring-security-crypto-5.8.15.jar to /var/lib/jenkins/workspace/GovWay/lib/spring-security/spring-security-crypto-5.8.15.jar 19:00:56 [INFO] 19:00:56 [INFO] --------------< org.openspcoop2:org.openspcoop2.swagger >--------------- 19:00:56 [INFO] Building dependencies.swagger 1.0 [32/71] 19:00:56 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:56 [INFO] 19:00:56 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.swagger --- 19:00:56 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/swagger (includes = [*.jar], excludes = []) 19:00:56 [INFO] 19:00:56 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.swagger --- 19:00:56 [INFO] Copying swagger-ui-4.19.1.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-ui-4.19.1.jar 19:00:56 [INFO] Copying classgraph-4.8.149.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/classgraph-4.8.149.jar 19:00:56 [INFO] Copying swagger-annotations-2.2.4.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-annotations-2.2.4.jar 19:00:56 [INFO] Copying swagger-core-2.2.4.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-core-2.2.4.jar 19:00:56 [INFO] Copying swagger-jaxrs2-2.2.4.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-jaxrs2-2.2.4.jar 19:00:56 [INFO] Copying swagger-models-2.2.4.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-models-2.2.4.jar 19:00:56 [INFO] Copying swagger-integration-2.2.4.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-integration-2.2.4.jar 19:00:56 [INFO] Copying swagger-parser-2.1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-2.1.6.jar 19:00:56 [INFO] Copying swagger-parser-core-2.1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-core-2.1.6.jar 19:00:56 [INFO] Copying swagger-parser-v2-converter-2.1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-v2-converter-2.1.6.jar 19:00:56 [INFO] Copying swagger-parser-v3-2.1.6-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-v3-2.1.6-gov4j-1.jar 19:00:56 [INFO] Copying swagger-core-1.6.8.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-core-1.6.8.jar 19:00:56 [INFO] Copying swagger-models-1.6.8.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-models-1.6.8.jar 19:00:56 [INFO] Copying swagger-parser-1.0.63.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-1.0.63.jar 19:00:56 [INFO] Copying swagger-request-validator-core-2.30.0-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-request-validator-core-2.30.0-gov4j-2.jar 19:00:56 [INFO] 19:00:56 [INFO] ----------------< org.openspcoop2:org.openspcoop2.wadl >---------------- 19:00:56 [INFO] Building dependencies.wadl 1.0 [33/71] 19:00:56 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:56 [INFO] 19:00:56 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.wadl --- 19:00:56 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wadl (includes = [*.jar], excludes = []) 19:00:56 [INFO] 19:00:56 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wadl --- 19:00:56 [INFO] Copying localizer-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/wadl/localizer-1.0.jar 19:00:56 [INFO] Copying wadl-core-1.1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/wadl/wadl-core-1.1.6.jar 19:00:56 [INFO] Copying wadl-xslt-1.1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/wadl/wadl-xslt-1.1.6.jar 19:00:56 [INFO] 19:00:56 [INFO] ---------------< org.openspcoop2:org.openspcoop2.wss4j >---------------- 19:00:56 [INFO] Building dependencies.wss4j 1.0 [34/71] 19:00:56 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:56 [INFO] 19:00:56 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.wss4j --- 19:00:56 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wss4j (includes = [*.jar], excludes = []) 19:00:56 [INFO] 19:00:56 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wss4j --- 19:00:56 [INFO] Copying wss4j-bindings-2.4.1.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-bindings-2.4.1.jar 19:00:56 [INFO] Copying wss4j-integration-2.4.1.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-integration-2.4.1.jar 19:00:56 [INFO] Copying wss4j-policy-2.4.1.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-policy-2.4.1.jar 19:00:56 [INFO] Copying wss4j-ws-security-common-2.4.1-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-common-2.4.1-gov4j-2.jar 19:00:56 [INFO] Copying wss4j-ws-security-dom-2.4.1-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-dom-2.4.1-gov4j-2.jar 19:00:56 [INFO] Copying wss4j-ws-security-policy-stax-2.4.1.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-policy-stax-2.4.1.jar 19:00:56 [INFO] Copying wss4j-ws-security-stax-2.4.1.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-stax-2.4.1.jar 19:00:56 [INFO] 19:00:56 [INFO] -------------< org.openspcoop2:org.openspcoop2.testsuite >-------------- 19:00:56 [INFO] Building dependencies.testsuite 1.0 [35/71] 19:00:56 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:56 [INFO] 19:00:56 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.axis14 >---------- 19:00:56 [INFO] Building dependencies.testsuite.axis14 1.0 [36/71] 19:00:56 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:57 [INFO] 19:00:57 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.axis14 --- 19:00:57 [INFO] 19:00:57 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.axis14 --- 19:00:57 [INFO] Copying axis-1.4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-1.4-gov4j-1.jar 19:00:57 [INFO] Copying axis-jaxrpc-1.4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-jaxrpc-1.4-gov4j-1.jar 19:00:57 [INFO] Copying axis-ant-1.4.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-ant-1.4.jar 19:00:57 [INFO] Copying axis-saaj-1.4.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-saaj-1.4.jar 19:00:57 [INFO] Copying mailapi-1.5.6.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/mailapi-1.5.6.jar 19:00:57 [INFO] Copying neethi-2.0.4.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/neethi-2.0.4.jar 19:00:57 [INFO] Copying opensaml-1.1.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/opensaml-1.1.jar 19:00:57 [INFO] Copying wss4j-1.5.11.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/wss4j-1.5.11.jar 19:00:57 [INFO] Copying xmlsec-1.4.4.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/xmlsec-1.4.4.jar 19:00:57 [INFO] Copying addressing-1.1.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/addressing-1.1.jar 19:00:57 [INFO] 19:00:57 [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.applicationServer >----- 19:00:57 [INFO] Building dependencies.testsuite.as 1.0 [37/71] 19:00:57 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:57 [INFO] 19:00:57 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly8 >-- 19:00:57 [INFO] Building dependencies.testsuite.as.wildfly8 1.0 [38/71] 19:00:57 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:57 [INFO] 19:00:57 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly8 --- 19:00:57 [INFO] 19:00:57 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly8 --- 19:00:57 [INFO] Copying jboss-client-wf8.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly8/jboss-client-wf8.jar 19:00:57 [INFO] 19:00:57 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly9 >-- 19:00:57 [INFO] Building dependencies.testsuite.as.wildfly9 1.0 [39/71] 19:00:57 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:57 [INFO] 19:00:57 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 19:00:57 [INFO] 19:00:57 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 19:00:57 [INFO] Copying jboss-client-wf9.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly9/jboss-client-wf9.jar 19:00:57 [INFO] 19:00:57 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly10 >-- 19:00:57 [INFO] Building dependencies.testsuite.as.wildfly10 1.0 [40/71] 19:00:57 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:57 [INFO] 19:00:57 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 19:00:57 [INFO] 19:00:57 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 19:00:57 [INFO] Copying jboss-client-wf10.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly10/jboss-client-wf10.jar 19:00:57 [INFO] 19:00:57 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly11 >-- 19:00:57 [INFO] Building dependencies.testsuite.as.wildfly11 1.0 [41/71] 19:00:57 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:57 [INFO] 19:00:57 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly11 --- 19:00:57 [INFO] 19:00:57 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly11 --- 19:00:57 [INFO] Copying jboss-client-wf11.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly11/jboss-client-wf11.jar 19:00:57 [INFO] 19:00:57 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly12 >-- 19:00:57 [INFO] Building dependencies.testsuite.as.wildfly12 1.0 [42/71] 19:00:57 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:57 [INFO] 19:00:57 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly12 --- 19:00:57 [INFO] 19:00:57 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly12 --- 19:00:57 [INFO] Copying jboss-client-wf12.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly12/jboss-client-wf12.jar 19:00:57 [INFO] Copying javax.json-api-1.1.2.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly12/javax.json-api-1.1.2.jar 19:00:57 [INFO] 19:00:57 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly13 >-- 19:00:57 [INFO] Building dependencies.testsuite.as.wildfly13 1.0 [43/71] 19:00:57 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:57 [INFO] 19:00:57 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly13 --- 19:00:57 [INFO] 19:00:57 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly13 --- 19:00:57 [INFO] Copying jboss-client-wf13.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly13/jboss-client-wf13.jar 19:00:57 [INFO] Copying javax.json-api-1.1.2.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly13/javax.json-api-1.1.2.jar 19:00:57 [INFO] 19:00:57 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly14 >-- 19:00:57 [INFO] Building dependencies.testsuite.as.wildfly14 1.0 [44/71] 19:00:57 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:57 [INFO] 19:00:57 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly14 --- 19:00:57 [INFO] 19:00:57 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly14 --- 19:00:57 [INFO] Copying jboss-client-wf14.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly14/jboss-client-wf14.jar 19:00:58 [INFO] 19:00:58 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly15 >-- 19:00:58 [INFO] Building dependencies.testsuite.as.wildfly15 1.0 [45/71] 19:00:58 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:58 [INFO] 19:00:58 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly15 --- 19:00:58 [INFO] 19:00:58 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly15 --- 19:00:58 [INFO] Copying jboss-client-wf15.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly15/jboss-client-wf15.jar 19:00:58 [INFO] 19:00:58 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly16 >-- 19:00:58 [INFO] Building dependencies.testsuite.as.wildfly16 1.0 [46/71] 19:00:58 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:58 [INFO] 19:00:58 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly16 --- 19:00:58 [INFO] 19:00:58 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly16 --- 19:00:58 [INFO] Copying jboss-client-wf16.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly16/jboss-client-wf16.jar 19:00:58 [INFO] 19:00:58 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly17 >-- 19:00:58 [INFO] Building dependencies.testsuite.as.wildfly17 1.0 [47/71] 19:00:58 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:58 [INFO] 19:00:58 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly17 --- 19:00:58 [INFO] 19:00:58 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly17 --- 19:00:58 [INFO] Copying jboss-client-wf17.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly17/jboss-client-wf17.jar 19:00:58 [INFO] 19:00:58 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly18 >-- 19:00:58 [INFO] Building dependencies.testsuite.as.wildfly18 1.0 [48/71] 19:00:58 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:58 [INFO] 19:00:58 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly18 --- 19:00:58 [INFO] 19:00:58 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly18 --- 19:00:58 [INFO] Copying jboss-client-wf18.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly18/jboss-client-wf18.jar 19:00:59 [INFO] 19:00:59 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly19 >-- 19:00:59 [INFO] Building dependencies.testsuite.as.wildfly19 1.0 [49/71] 19:00:59 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:59 [INFO] 19:00:59 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly19 --- 19:00:59 [INFO] 19:00:59 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly19 --- 19:00:59 [INFO] Copying jboss-client-wf19.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly19/jboss-client-wf19.jar 19:00:59 [INFO] 19:00:59 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly20 >-- 19:00:59 [INFO] Building dependencies.testsuite.as.wildfly20 1.0 [50/71] 19:00:59 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:59 [INFO] 19:00:59 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly20 --- 19:00:59 [INFO] 19:00:59 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly20 --- 19:00:59 [INFO] Copying jboss-client-wf20.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly20/jboss-client-wf20.jar 19:00:59 [INFO] 19:00:59 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly21 >-- 19:00:59 [INFO] Building dependencies.testsuite.as.wildfly21 1.0 [51/71] 19:00:59 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:59 [INFO] 19:00:59 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly21 --- 19:00:59 [INFO] 19:00:59 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly21 --- 19:00:59 [INFO] Copying jboss-client-wf21.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly21/jboss-client-wf21.jar 19:00:59 [INFO] 19:00:59 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly22 >-- 19:00:59 [INFO] Building dependencies.testsuite.as.wildfly22 1.0 [52/71] 19:00:59 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:59 [INFO] 19:00:59 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly22 --- 19:00:59 [INFO] 19:00:59 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly22 --- 19:00:59 [INFO] Copying jboss-client-wf22.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly22/jboss-client-wf22.jar 19:00:59 [INFO] 19:00:59 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly23 >-- 19:00:59 [INFO] Building dependencies.testsuite.as.wildfly23 1.0 [53/71] 19:00:59 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:59 [INFO] 19:00:59 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly23 --- 19:00:59 [INFO] 19:00:59 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly23 --- 19:00:59 [INFO] Copying jboss-client-wf23.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly23/jboss-client-wf23.jar 19:00:59 [INFO] 19:00:59 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly24 >-- 19:00:59 [INFO] Building dependencies.testsuite.as.wildfly24 1.0 [54/71] 19:00:59 [INFO] --------------------------------[ pom ]--------------------------------- 19:00:59 [INFO] 19:00:59 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly24 --- 19:00:59 [INFO] 19:00:59 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly24 --- 19:00:59 [INFO] Copying jboss-client-wf24.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly24/jboss-client-wf24.jar 19:01:00 [INFO] 19:01:00 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly25 >-- 19:01:00 [INFO] Building dependencies.testsuite.as.wildfly25 1.0 [55/71] 19:01:00 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:00 [INFO] 19:01:00 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly25 --- 19:01:00 [INFO] 19:01:00 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly25 --- 19:01:00 [INFO] Copying jboss-client-wf25.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly25/jboss-client-wf25.jar 19:01:00 [INFO] 19:01:00 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly26 >-- 19:01:00 [INFO] Building dependencies.testsuite.as.wildfly26 1.0 [56/71] 19:01:00 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:00 [INFO] 19:01:00 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly26 --- 19:01:00 [INFO] 19:01:00 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly26 --- 19:01:00 [INFO] Copying jboss-client-wf26.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/wildfly26/jboss-client-wf26.jar 19:01:00 [INFO] 19:01:00 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat9 >-- 19:01:00 [INFO] Building dependencies.testsuite.as.tomcat9 1.0 [57/71] 19:01:00 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:00 [INFO] 19:01:00 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat9 --- 19:01:00 [INFO] 19:01:00 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat9 --- 19:01:00 [INFO] Copying tomcat-catalina-9.0.83.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/tomcat9/tomcat-catalina-9.0.83.jar 19:01:00 [INFO] Copying tomcat-juli-9.0.83.jar to /var/lib/jenkins/workspace/GovWay/lib/applicationServer/tomcat9/tomcat-juli-9.0.83.jar 19:01:00 [INFO] 19:01:00 [INFO] -----------< org.openspcoop2:org.openspcoop2.testsuite.test >----------- 19:01:00 [INFO] Building dependencies.testsuite.test 1.0 [58/71] 19:01:00 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:00 [INFO] 19:01:00 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.test --- 19:01:00 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite (includes = [*.jar], excludes = []) 19:01:00 [INFO] 19:01:00 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test --- 19:01:00 [INFO] Copying jcommander-1.82.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/jcommander-1.82.jar 19:01:00 [INFO] Copying guice-5.1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/guice-5.1.0.jar 19:01:00 [INFO] Copying jquery-3.6.1.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/jquery-3.6.1.jar 19:01:00 [INFO] Copying testng-7.8.0.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/testng-7.8.0.jar 19:01:00 [INFO] Copying junit-4.13.2.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/junit-4.13.2.jar 19:01:00 [INFO] Copying karate-apache-0.9.6.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/karate-apache-0.9.6.jar 19:01:00 [INFO] Copying karate-core-0.9.6.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/karate-core-0.9.6.jar 19:01:00 [INFO] Copying karate-junit4-0.9.6.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/karate-junit4-0.9.6.jar 19:01:00 [INFO] Copying hamcrest-core-1.3.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/hamcrest-core-1.3.jar 19:01:00 [INFO] Copying picocli-4.2.0.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/picocli-4.2.0.jar 19:01:00 [INFO] Copying logback-classic-1.4.14.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/logback-classic-1.4.14.jar 19:01:00 [INFO] Copying logback-core-1.4.14.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/logback-core-1.4.14.jar 19:01:00 [INFO] Copying spring-jdbc-5.3.39.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring-jdbc-5.3.39.jar 19:01:00 [INFO] Copying spring-ldap-test-2.4.2.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring-ldap-test-2.4.2.jar 19:01:00 [INFO] Copying apacheds-all-2.0.0.AM27-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/apacheds-all-2.0.0.AM27-gov4j-1.jar 19:01:00 [INFO] Copying slf4j-testng-2.0.0.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/slf4j-testng-2.0.0.jar 19:01:00 [INFO] 19:01:00 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.staticAnalysis >------ 19:01:00 [INFO] Building dependencies.testsuite.staticAnalysis 1.0 [59/71] 19:01:00 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:00 [INFO] 19:01:00 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.staticAnalysis --- 19:01:00 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/staticAnalysis (includes = [*.jar], excludes = []) 19:01:00 [INFO] 19:01:00 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.staticAnalysis --- 19:01:00 [INFO] Copying spotbugs-ant-4.8.6.jar to /var/lib/jenkins/workspace/GovWay/lib/staticAnalysis/spotbugs-ant-4.8.6.jar 19:01:00 [INFO] Copying sonarqube-ant-task-2.7.1.1951.jar to /var/lib/jenkins/workspace/GovWay/lib/staticAnalysis/sonarqube-ant-task-2.7.1.1951.jar 19:01:00 [INFO] 19:01:00 [INFO] -----< org.openspcoop2:org.openspcoop2.testsuite.dynamicAnalysis >------ 19:01:00 [INFO] Building dependencies.testsuite.dynamicAnalysis 1.0 [60/71] 19:01:00 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:00 [INFO] 19:01:00 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.dynamicAnalysis --- 19:01:00 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/dynamicAnalysis (includes = [*.jar], excludes = []) 19:01:00 [INFO] 19:01:00 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.dynamicAnalysis --- 19:01:00 [INFO] Copying zap-clientapi-1.11.0.jar to /var/lib/jenkins/workspace/GovWay/lib/dynamicAnalysis/zap-clientapi-1.11.0.jar 19:01:00 [INFO] 19:01:00 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.coverage >--------- 19:01:00 [INFO] Building dependencies.testsuite.coverage 1.0 [61/71] 19:01:00 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:00 [INFO] 19:01:00 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.coverage --- 19:01:00 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/coverage (includes = [*.jar], excludes = []) 19:01:00 [INFO] 19:01:00 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.coverage --- 19:01:00 [INFO] Copying org.jacoco.agent-0.8.8.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/org.jacoco.agent-0.8.8.jar 19:01:00 [INFO] Copying org.jacoco.ant-0.8.8.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/org.jacoco.ant-0.8.8.jar 19:01:00 [INFO] Copying org.jacoco.core-0.8.8.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/org.jacoco.core-0.8.8.jar 19:01:00 [INFO] Copying org.jacoco.report-0.8.8.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/org.jacoco.report-0.8.8.jar 19:01:00 [INFO] Copying asm-9.5.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/asm-9.5.jar 19:01:00 [INFO] Copying asm-commons-9.5.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/asm-commons-9.5.jar 19:01:00 [INFO] Copying asm-tree-9.5.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/asm-tree-9.5.jar 19:01:00 [INFO] 19:01:00 [INFO] --------------< org.openspcoop2:org.openspcoop2.compile >--------------- 19:01:00 [INFO] Building compile 1.0 [62/71] 19:01:00 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:00 [INFO] 19:01:00 [INFO] --------------< org.openspcoop2:org.openspcoop2.package >--------------- 19:01:00 [INFO] Building package 1.0 [63/71] 19:01:00 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:00 [INFO] 19:01:00 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.utils >----------- 19:01:00 [INFO] Building testsuite.utils 1.0 [64/71] 19:01:00 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:00 [INFO] 19:01:00 [INFO] --------< org.openspcoop2:org.openspcoop2.testsuite.utils.sql >--------- 19:01:00 [INFO] Building testsuite.utils.sql 1.0 [65/71] 19:01:00 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:00 [INFO] 19:01:00 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core >--------- 19:01:00 [INFO] Building testsuite.pdd.core 1.0 [66/71] 19:01:00 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:00 [INFO] 19:01:00 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core.sql >------- 19:01:00 [INFO] Building testsuite.pdd.core.sql 1.0 [67/71] 19:01:00 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:00 [INFO] 19:01:00 [INFO] ------< org.openspcoop2:org.openspcoop2.static_analysis.spotbugs >------ 19:01:00 [INFO] Building static_analysis.spotbugs 1.0 [68/71] 19:01:00 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:00 [INFO] 19:01:00 [INFO] -----< org.openspcoop2:org.openspcoop2.static_analysis.sonarqube >------ 19:01:00 [INFO] Building static_analysis.sonarqube 1.0 [69/71] 19:01:00 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:00 [INFO] 19:01:00 [INFO] --------< org.openspcoop2:org.openspcoop2.dynamic_analysis.zap >-------- 19:01:00 [INFO] Building dynamic_analysis.zap 1.0 [70/71] 19:01:00 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:00 [INFO] 19:01:00 [INFO] ----------< org.openspcoop2:org.openspcoop2.coverage.jacoco >----------- 19:01:00 [INFO] Building coverage.jacoco 1.0 [71/71] 19:01:00 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:00 [INFO] ------------------------------------------------------------------------ 19:01:00 [INFO] Reactor Summary for govway 1.0: 19:01:00 [INFO] 19:01:00 [INFO] govway ............................................. SUCCESS [ 0.003 s] 19:01:00 [INFO] dependencies ....................................... SUCCESS [ 0.000 s] 19:01:00 [INFO] dependencies.ant ................................... SUCCESS [ 1.907 s] 19:01:00 [INFO] dependencies.antinstaller .......................... SUCCESS [ 0.093 s] 19:01:00 [INFO] dependencies.axiom ................................. SUCCESS [ 0.043 s] 19:01:00 [INFO] dependencies.bean-validation ....................... SUCCESS [ 0.104 s] 19:01:00 [INFO] dependencies.cxf ................................... SUCCESS [ 0.533 s] 19:01:00 [INFO] dependencies.commons ............................... SUCCESS [ 0.497 s] 19:01:00 [INFO] dependencies.faces ................................. SUCCESS [ 0.489 s] 19:01:00 [INFO] dependencies.git ................................... SUCCESS [ 0.050 s] 19:01:00 [INFO] dependencies.httpcore .............................. SUCCESS [ 0.195 s] 19:01:00 [INFO] dependencies.jackson ............................... SUCCESS [ 0.202 s] 19:01:00 [INFO] dependencies.javax ................................. SUCCESS [ 0.151 s] 19:01:00 [INFO] dependencies.jax ................................... SUCCESS [ 0.477 s] 19:01:00 [INFO] dependencies.jetty ................................. SUCCESS [ 0.170 s] 19:01:00 [INFO] dependencies.jminix ................................ SUCCESS [ 0.041 s] 19:01:00 [INFO] dependencies.json .................................. SUCCESS [ 0.224 s] 19:01:00 [INFO] dependencies.log ................................... SUCCESS [ 0.084 s] 19:01:00 [INFO] dependencies.lucene ................................ SUCCESS [ 0.093 s] 19:01:00 [INFO] dependencies.swagger ............................... SUCCESS [ 0.050 s] 19:01:00 [INFO] dependencies.opensaml .............................. SUCCESS [ 0.192 s] 19:01:00 [INFO] dependencies.pdf ................................... SUCCESS [ 0.137 s] 19:01:00 [INFO] dependencies.redis ................................. SUCCESS [ 0.276 s] 19:01:00 [INFO] dependencies.reports ............................... SUCCESS [ 0.168 s] 19:01:00 [INFO] dependencies.saaj .................................. SUCCESS [ 0.064 s] 19:01:00 [INFO] dependencies.security .............................. SUCCESS [ 0.190 s] 19:01:00 [INFO] dependencies.shared ................................ SUCCESS [ 0.813 s] 19:01:00 [INFO] dependencies.soapbox ............................... SUCCESS [ 0.076 s] 19:01:00 [INFO] dependencies.spring ................................ SUCCESS [ 0.104 s] 19:01:00 [INFO] dependencies.spring-ldap ........................... SUCCESS [ 0.015 s] 19:01:00 [INFO] dependencies.spring-security ....................... SUCCESS [ 0.037 s] 19:01:00 [INFO] dependencies.swagger ............................... SUCCESS [ 0.213 s] 19:01:00 [INFO] dependencies.wadl .................................. SUCCESS [ 0.030 s] 19:01:00 [INFO] dependencies.wss4j ................................. SUCCESS [ 0.087 s] 19:01:00 [INFO] dependencies.testsuite ............................. SUCCESS [ 0.000 s] 19:01:00 [INFO] dependencies.testsuite.axis14 ...................... SUCCESS [ 0.082 s] 19:01:00 [INFO] dependencies.testsuite.as .......................... SUCCESS [ 0.001 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly8 ................. SUCCESS [ 0.051 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly9 ................. SUCCESS [ 0.104 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly10 ................ SUCCESS [ 0.101 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly11 ................ SUCCESS [ 0.267 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly12 ................ SUCCESS [ 0.160 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly13 ................ SUCCESS [ 0.225 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly14 ................ SUCCESS [ 0.294 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly15 ................ SUCCESS [ 0.158 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly16 ................ SUCCESS [ 0.215 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly17 ................ SUCCESS [ 0.252 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly18 ................ SUCCESS [ 0.191 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly19 ................ SUCCESS [ 0.184 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly20 ................ SUCCESS [ 0.130 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly21 ................ SUCCESS [ 0.133 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly22 ................ SUCCESS [ 0.170 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly23 ................ SUCCESS [ 0.204 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly24 ................ SUCCESS [ 0.137 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly25 ................ SUCCESS [ 0.240 s] 19:01:00 [INFO] dependencies.testsuite.as.wildfly26 ................ SUCCESS [ 0.242 s] 19:01:00 [INFO] dependencies.testsuite.as.tomcat9 .................. SUCCESS [ 0.035 s] 19:01:00 [INFO] dependencies.testsuite.test ........................ SUCCESS [ 0.255 s] 19:01:00 [INFO] dependencies.testsuite.staticAnalysis .............. SUCCESS [ 0.028 s] 19:01:00 [INFO] dependencies.testsuite.dynamicAnalysis ............. SUCCESS [ 0.016 s] 19:01:00 [INFO] dependencies.testsuite.coverage .................... SUCCESS [ 0.065 s] 19:01:00 [INFO] compile ............................................ SUCCESS [ 0.001 s] 19:01:00 [INFO] package ............................................ SUCCESS [ 0.000 s] 19:01:00 [INFO] testsuite.utils .................................... SUCCESS [ 0.001 s] 19:01:00 [INFO] testsuite.utils.sql ................................ SUCCESS [ 0.000 s] 19:01:00 [INFO] testsuite.pdd.core ................................. SUCCESS [ 0.001 s] 19:01:00 [INFO] testsuite.pdd.core.sql ............................. SUCCESS [ 0.000 s] 19:01:00 [INFO] static_analysis.spotbugs ........................... SUCCESS [ 0.001 s] 19:01:00 [INFO] static_analysis.sonarqube .......................... SUCCESS [ 0.000 s] 19:01:00 [INFO] dynamic_analysis.zap ............................... SUCCESS [ 0.001 s] 19:01:00 [INFO] coverage.jacoco .................................... SUCCESS [ 0.000 s] 19:01:00 [INFO] ------------------------------------------------------------------------ 19:01:00 [INFO] BUILD SUCCESS 19:01:00 [INFO] ------------------------------------------------------------------------ 19:01:00 [INFO] Total time: 12.327 s 19:01:00 [INFO] Finished at: 2024-11-15T19:01:00+01:00 19:01:00 [INFO] ------------------------------------------------------------------------ 19:01:00 [GovWay] $ /opt/apache-maven-3.6.3/bin/mvn -Dpackage=none -Dcompile=none -Dowasp=verify -Dtestsuite=none -DnvdApiKey=f8281fbf-3d81-4e4a-9f03-ab68856b336d -Dowasp.plugin.failBuildOnAnyVulnerability=false verify 19:01:02 [INFO] Scanning for projects... 19:01:03 [INFO] ------------------------------------------------------------------------ 19:01:03 [INFO] Reactor Build Order: 19:01:03 [INFO] 19:01:03 [INFO] govway [pom] 19:01:03 [INFO] dependencies [pom] 19:01:03 [INFO] dependencies.ant [pom] 19:01:03 [INFO] dependencies.antinstaller [pom] 19:01:03 [INFO] dependencies.axiom [pom] 19:01:03 [INFO] dependencies.bean-validation [pom] 19:01:03 [INFO] dependencies.cxf [pom] 19:01:03 [INFO] dependencies.commons [pom] 19:01:03 [INFO] dependencies.faces [pom] 19:01:03 [INFO] dependencies.git [pom] 19:01:03 [INFO] dependencies.httpcore [pom] 19:01:03 [INFO] dependencies.jackson [pom] 19:01:03 [INFO] dependencies.javax [pom] 19:01:03 [INFO] dependencies.jax [pom] 19:01:03 [INFO] dependencies.jetty [pom] 19:01:03 [INFO] dependencies.jminix [pom] 19:01:03 [INFO] dependencies.json [pom] 19:01:03 [INFO] dependencies.log [pom] 19:01:03 [INFO] dependencies.lucene [pom] 19:01:03 [INFO] dependencies.swagger [pom] 19:01:03 [INFO] dependencies.opensaml [pom] 19:01:03 [INFO] dependencies.pdf [pom] 19:01:03 [INFO] dependencies.redis [pom] 19:01:03 [INFO] dependencies.reports [pom] 19:01:03 [INFO] dependencies.saaj [pom] 19:01:03 [INFO] dependencies.security [pom] 19:01:03 [INFO] dependencies.shared [pom] 19:01:03 [INFO] dependencies.soapbox [pom] 19:01:03 [INFO] dependencies.spring [pom] 19:01:03 [INFO] dependencies.spring-ldap [pom] 19:01:03 [INFO] dependencies.spring-security [pom] 19:01:03 [INFO] dependencies.swagger [pom] 19:01:03 [INFO] dependencies.wadl [pom] 19:01:03 [INFO] dependencies.wss4j [pom] 19:01:03 [INFO] dependencies.testsuite [pom] 19:01:03 [INFO] dependencies.testsuite.axis14 [pom] 19:01:03 [INFO] dependencies.testsuite.as [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly8 [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly9 [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly10 [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly11 [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly12 [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly13 [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly14 [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly15 [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly16 [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly17 [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly18 [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly19 [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly20 [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly21 [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly22 [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly23 [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly24 [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly25 [pom] 19:01:03 [INFO] dependencies.testsuite.as.wildfly26 [pom] 19:01:03 [INFO] dependencies.testsuite.as.tomcat9 [pom] 19:01:03 [INFO] dependencies.testsuite.test [pom] 19:01:03 [INFO] dependencies.testsuite.staticAnalysis [pom] 19:01:03 [INFO] dependencies.testsuite.dynamicAnalysis [pom] 19:01:03 [INFO] dependencies.testsuite.coverage [pom] 19:01:03 [INFO] compile [pom] 19:01:03 [INFO] package [pom] 19:01:03 [INFO] testsuite.utils [pom] 19:01:03 [INFO] testsuite.utils.sql [pom] 19:01:03 [INFO] testsuite.pdd.core [pom] 19:01:03 [INFO] testsuite.pdd.core.sql [pom] 19:01:03 [INFO] static_analysis.spotbugs [pom] 19:01:03 [INFO] static_analysis.sonarqube [pom] 19:01:03 [INFO] dynamic_analysis.zap [pom] 19:01:03 [INFO] coverage.jacoco [pom] 19:01:03 [INFO] 19:01:03 [INFO] ------------------< org.openspcoop2:org.openspcoop2 >------------------- 19:01:03 [INFO] Building govway 1.0 [1/71] 19:01:03 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:03 [INFO] 19:01:03 [INFO] ------------< org.openspcoop2:org.openspcoop2.dependencies >------------ 19:01:03 [INFO] Building dependencies 1.0 [2/71] 19:01:03 [INFO] --------------------------------[ pom ]--------------------------------- 19:01:03 [INFO] 19:01:03 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.dependencies --- 19:01:04 [INFO] Executing tasks 19:01:04 19:01:04 main: 19:01:09 [INFO] Executed tasks 19:01:10 [INFO] 19:01:10 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.dependencies --- 19:01:18 [INFO] Checking for updates 19:01:21 [WARNING] NVD API request failures are occurring; retrying request for the 1 time 19:01:23 [INFO] NVD API has 1,219 records in this update 19:01:23 [INFO] Downloaded 1,219/1,219 (100%) 19:01:26 [INFO] Completed processing batch 1/1 (100%) in 3,033ms 19:01:26 [INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json 19:01:27 [INFO] Begin database defrag 19:01:36 [INFO] End database defrag (9947 ms) 19:01:36 [INFO] Check for updates complete (18755 ms) 19:01:37 [INFO] 19:01:37 19:01:37 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:01:37 19:01:37 19:01:37 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:01:37 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:01:37 19:01:37 💖 Sponsor: https://github.com/sponsors/jeremylong 19:01:37 19:01:37 19:01:37 [INFO] Analysis Started 19:01:40 [INFO] Finished Archive Analyzer (3 seconds) 19:01:40 [INFO] Finished File Name Analyzer (0 seconds) 19:01:43 [INFO] Finished Jar Analyzer (3 seconds) 19:01:43 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:01:44 [INFO] Finished Hint Analyzer (0 seconds) 19:01:44 [INFO] Finished Version Filter Analyzer (0 seconds) 19:01:47 [INFO] Created CPE Index (3 seconds) 19:01:54 [INFO] Finished CPE Analyzer (10 seconds) 19:01:54 [INFO] Finished False Positive Analyzer (0 seconds) 19:01:54 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:02:10 [INFO] Finished RetireJS Analyzer (15 seconds) 19:02:13 [INFO] Finished Sonatype OSS Index Analyzer (3 seconds) 19:02:13 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:02:13 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:02:14 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:02:14 19:02:14 19:02:14 ## Recommendation 19:02:14 19:02:14 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:02:14 19:02:14 The following template can be used to demonstrate the vulnerability: 19:02:14 ```{{#with "constructor"}} 19:02:14 {{#with split as |a|}} 19:02:14 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:02:14 {{#with (concat (lookup join (slice 0 1)))}} 19:02:14 {{#each (slice 2 3)}} 19:02:14 {{#with (apply 0 a)}} 19:02:14 {{.}} 19:02:14 {{/with}} 19:02:14 {{/each}} 19:02:14 {{/with}} 19:02:14 {{/with}} 19:02:14 {{/with}}``` 19:02:14 19:02:14 19:02:14 ## Recommendation 19:02:14 19:02:14 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:14 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:02:15 [INFO] Analysis Complete (38 seconds) 19:02:15 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.xml 19:02:16 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.html 19:02:17 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.json 19:02:17 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.csv 19:02:17 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.sarif 19:02:17 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-jenkins.html 19:02:17 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-junit.xml 19:02:17 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-gitlab.json 19:02:17 [INFO] 19:02:17 [INFO] ----------------< org.openspcoop2:org.openspcoop2.ant >----------------- 19:02:17 [INFO] Building dependencies.ant 1.0 [3/71] 19:02:17 [INFO] --------------------------------[ pom ]--------------------------------- 19:02:17 [INFO] 19:02:17 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.ant --- 19:02:17 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/ant (includes = [*.jar], excludes = []) 19:02:17 [INFO] 19:02:17 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.ant --- 19:02:18 [INFO] Copying ant-contrib-1.0b3.jar to /var/lib/jenkins/workspace/GovWay/lib/ant/ant-contrib-1.0b3.jar 19:02:18 [INFO] 19:02:18 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.ant --- 19:02:18 [INFO] Executing tasks 19:02:18 19:02:18 main: 19:02:23 [INFO] Executed tasks 19:02:23 [INFO] 19:02:23 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.ant --- 19:02:23 [INFO] Checking for updates 19:02:23 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:02:23 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:02:23 [INFO] Check for updates complete (73 ms) 19:02:23 [INFO] 19:02:23 19:02:23 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:02:23 19:02:23 19:02:23 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:02:23 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:02:23 19:02:23 💖 Sponsor: https://github.com/sponsors/jeremylong 19:02:23 19:02:23 19:02:23 [INFO] Analysis Started 19:02:23 [INFO] Finished Archive Analyzer (0 seconds) 19:02:23 [INFO] Finished File Name Analyzer (0 seconds) 19:02:23 [INFO] Finished Jar Analyzer (0 seconds) 19:02:23 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:02:23 [INFO] Finished Hint Analyzer (0 seconds) 19:02:23 [INFO] Finished Version Filter Analyzer (0 seconds) 19:02:25 [INFO] Created CPE Index (1 seconds) 19:02:25 [INFO] Finished CPE Analyzer (1 seconds) 19:02:25 [INFO] Finished False Positive Analyzer (0 seconds) 19:02:25 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:02:25 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:02:25 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:02:25 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:02:25 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:02:25 19:02:25 19:02:25 ## Recommendation 19:02:25 19:02:25 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:02:25 19:02:25 The following template can be used to demonstrate the vulnerability: 19:02:25 ```{{#with "constructor"}} 19:02:25 {{#with split as |a|}} 19:02:25 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:02:25 {{#with (concat (lookup join (slice 0 1)))}} 19:02:25 {{#each (slice 2 3)}} 19:02:25 {{#with (apply 0 a)}} 19:02:25 {{.}} 19:02:25 {{/with}} 19:02:25 {{/each}} 19:02:25 {{/with}} 19:02:25 {{/with}} 19:02:25 {{/with}}``` 19:02:25 19:02:25 19:02:25 ## Recommendation 19:02:25 19:02:25 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:25 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:02:25 [INFO] Analysis Complete (1 seconds) 19:02:25 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:02:25 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:02:25 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:02:25 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:02:25 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:02:25 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:02:25 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:02:25 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:02:25 [INFO] 19:02:25 [INFO] ------------< org.openspcoop2:org.openspcoop2.antinstaller >------------ 19:02:25 [INFO] Building dependencies.antinstaller 1.0 [4/71] 19:02:25 [INFO] --------------------------------[ pom ]--------------------------------- 19:02:25 [INFO] 19:02:25 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.antinstaller --- 19:02:25 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/antinstaller (includes = [*.jar], excludes = []) 19:02:25 [INFO] 19:02:25 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.antinstaller --- 19:02:25 [INFO] Copying ant-installer-0.8b.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/ant-installer-0.8b.jar 19:02:25 [INFO] Copying xml-apis_antinstaller-0.8b.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/xml-apis_antinstaller-0.8b.jar 19:02:25 [INFO] Copying ai-icons-eclipse_antinstaller-0.8b.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/ai-icons-eclipse_antinstaller-0.8b.jar 19:02:25 [INFO] Copying jgoodies-edited-1.2.2-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/jgoodies-edited-1.2.2-gov4j-1.jar 19:02:25 [INFO] Copying ant-1.10.11.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/ant-1.10.11.jar 19:02:25 [INFO] Copying ant-apache-regexp-1.10.11.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/ant-apache-regexp-1.10.11.jar 19:02:25 [INFO] Copying ant-launcher-1.10.11.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/ant-launcher-1.10.11.jar 19:02:25 [INFO] Copying jakarta-regexp-1.5.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/jakarta-regexp-1.5.jar 19:02:25 [INFO] 19:02:25 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.antinstaller --- 19:02:25 [INFO] Executing tasks 19:02:25 19:02:25 main: 19:02:30 [INFO] Executed tasks 19:02:30 [INFO] 19:02:30 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.antinstaller --- 19:02:31 [INFO] Checking for updates 19:02:31 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:02:31 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:02:31 [INFO] Check for updates complete (99 ms) 19:02:31 [INFO] 19:02:31 19:02:31 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:02:31 19:02:31 19:02:31 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:02:31 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:02:31 19:02:31 💖 Sponsor: https://github.com/sponsors/jeremylong 19:02:31 19:02:31 19:02:31 [INFO] Analysis Started 19:02:31 [INFO] Finished Archive Analyzer (0 seconds) 19:02:31 [INFO] Finished File Name Analyzer (0 seconds) 19:02:31 [INFO] Finished Jar Analyzer (0 seconds) 19:02:31 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:02:31 [INFO] Finished Hint Analyzer (0 seconds) 19:02:31 [INFO] Finished Version Filter Analyzer (0 seconds) 19:02:34 [INFO] Created CPE Index (2 seconds) 19:02:34 [INFO] Finished CPE Analyzer (3 seconds) 19:02:34 [INFO] Finished False Positive Analyzer (0 seconds) 19:02:34 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:02:34 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:02:34 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:02:34 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:02:34 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:02:34 19:02:34 19:02:34 ## Recommendation 19:02:34 19:02:34 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:02:34 19:02:34 The following template can be used to demonstrate the vulnerability: 19:02:34 ```{{#with "constructor"}} 19:02:34 {{#with split as |a|}} 19:02:34 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:02:34 {{#with (concat (lookup join (slice 0 1)))}} 19:02:34 {{#each (slice 2 3)}} 19:02:34 {{#with (apply 0 a)}} 19:02:34 {{.}} 19:02:34 {{/with}} 19:02:34 {{/each}} 19:02:34 {{/with}} 19:02:34 {{/with}} 19:02:34 {{/with}}``` 19:02:34 19:02:34 19:02:34 ## Recommendation 19:02:34 19:02:34 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:34 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:02:34 [INFO] Analysis Complete (3 seconds) 19:02:34 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:02:35 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:02:35 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:02:35 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:02:35 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:02:35 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:02:35 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:02:35 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:02:35 [INFO] 19:02:35 [INFO] ---------------< org.openspcoop2:org.openspcoop2.axiom >---------------- 19:02:35 [INFO] Building dependencies.axiom 1.0 [5/71] 19:02:35 [INFO] --------------------------------[ pom ]--------------------------------- 19:02:35 [INFO] 19:02:35 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.axiom --- 19:02:35 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/axiom (includes = [*.jar], excludes = []) 19:02:35 [INFO] 19:02:35 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.axiom --- 19:02:35 [INFO] Copying axiom-api-1.2.13-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-api-1.2.13-gov4j-2.jar 19:02:35 [INFO] Copying axiom-dom-1.2.13-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-dom-1.2.13-gov4j-2.jar 19:02:35 [INFO] Copying axiom-impl-1.2.13-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-impl-1.2.13-gov4j-2.jar 19:02:35 [INFO] Copying axiom-common-impl-1.2.13.jar to /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-common-impl-1.2.13.jar 19:02:35 [INFO] 19:02:35 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.axiom --- 19:02:35 [INFO] Executing tasks 19:02:35 19:02:35 main: 19:02:40 [INFO] Executed tasks 19:02:40 [INFO] 19:02:40 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.axiom --- 19:02:40 [INFO] Checking for updates 19:02:40 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:02:40 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:02:40 [INFO] Check for updates complete (111 ms) 19:02:40 [INFO] 19:02:40 19:02:40 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:02:40 19:02:40 19:02:40 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:02:40 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:02:40 19:02:40 💖 Sponsor: https://github.com/sponsors/jeremylong 19:02:40 19:02:40 19:02:40 [INFO] Analysis Started 19:02:40 [INFO] Finished Archive Analyzer (0 seconds) 19:02:40 [INFO] Finished File Name Analyzer (0 seconds) 19:02:40 [INFO] Finished Jar Analyzer (0 seconds) 19:02:40 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:02:40 [INFO] Finished Hint Analyzer (0 seconds) 19:02:40 [INFO] Finished Version Filter Analyzer (0 seconds) 19:02:41 [INFO] Created CPE Index (1 seconds) 19:02:42 [INFO] Finished CPE Analyzer (1 seconds) 19:02:42 [INFO] Finished False Positive Analyzer (0 seconds) 19:02:42 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:02:42 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:02:42 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:02:42 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:02:42 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:02:42 19:02:42 19:02:42 ## Recommendation 19:02:42 19:02:42 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:02:42 19:02:42 The following template can be used to demonstrate the vulnerability: 19:02:42 ```{{#with "constructor"}} 19:02:42 {{#with split as |a|}} 19:02:42 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:02:42 {{#with (concat (lookup join (slice 0 1)))}} 19:02:42 {{#each (slice 2 3)}} 19:02:42 {{#with (apply 0 a)}} 19:02:42 {{.}} 19:02:42 {{/with}} 19:02:42 {{/each}} 19:02:42 {{/with}} 19:02:42 {{/with}} 19:02:42 {{/with}}``` 19:02:42 19:02:42 19:02:42 ## Recommendation 19:02:42 19:02:42 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:42 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:02:42 [INFO] Analysis Complete (1 seconds) 19:02:42 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:02:42 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:02:42 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:02:42 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:02:42 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:02:42 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:02:42 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:02:42 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:02:42 [INFO] 19:02:42 [INFO] ----------< org.openspcoop2:org.openspcoop2.bean-validation >----------- 19:02:42 [INFO] Building dependencies.bean-validation 1.0 [6/71] 19:02:42 [INFO] --------------------------------[ pom ]--------------------------------- 19:02:42 [INFO] 19:02:42 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.bean-validation --- 19:02:42 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/bean-validation (includes = [*.jar], excludes = []) 19:02:42 [INFO] 19:02:42 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.bean-validation --- 19:02:42 [INFO] Copying hibernate-validator-6.2.5.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/bean-validation/hibernate-validator-6.2.5.Final.jar 19:02:42 [INFO] Copying hibernate-validator-cdi-6.2.5.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/bean-validation/hibernate-validator-cdi-6.2.5.Final.jar 19:02:42 [INFO] Copying classmate-1.5.1.jar to /var/lib/jenkins/workspace/GovWay/lib/bean-validation/classmate-1.5.1.jar 19:02:42 [INFO] Copying jboss-logging-3.4.3.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/bean-validation/jboss-logging-3.4.3.Final.jar 19:02:42 [INFO] 19:02:42 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.bean-validation --- 19:02:42 [INFO] Executing tasks 19:02:42 19:02:42 main: 19:02:47 [INFO] Executed tasks 19:02:47 [INFO] 19:02:47 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.bean-validation --- 19:02:47 [INFO] Checking for updates 19:02:47 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:02:47 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:02:47 [INFO] Check for updates complete (69 ms) 19:02:47 [INFO] 19:02:47 19:02:47 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:02:47 19:02:47 19:02:47 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:02:47 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:02:47 19:02:47 💖 Sponsor: https://github.com/sponsors/jeremylong 19:02:47 19:02:47 19:02:47 [INFO] Analysis Started 19:02:47 [INFO] Finished Archive Analyzer (0 seconds) 19:02:47 [INFO] Finished File Name Analyzer (0 seconds) 19:02:47 [INFO] Finished Jar Analyzer (0 seconds) 19:02:47 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:02:47 [INFO] Finished Hint Analyzer (0 seconds) 19:02:47 [INFO] Finished Version Filter Analyzer (0 seconds) 19:02:49 [INFO] Created CPE Index (1 seconds) 19:02:49 [INFO] Finished CPE Analyzer (1 seconds) 19:02:49 [INFO] Finished False Positive Analyzer (0 seconds) 19:02:49 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:02:49 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:02:49 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:02:49 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:02:49 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:02:49 19:02:49 19:02:49 ## Recommendation 19:02:49 19:02:49 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:02:49 19:02:49 The following template can be used to demonstrate the vulnerability: 19:02:49 ```{{#with "constructor"}} 19:02:49 {{#with split as |a|}} 19:02:49 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:02:49 {{#with (concat (lookup join (slice 0 1)))}} 19:02:49 {{#each (slice 2 3)}} 19:02:49 {{#with (apply 0 a)}} 19:02:49 {{.}} 19:02:49 {{/with}} 19:02:49 {{/each}} 19:02:49 {{/with}} 19:02:49 {{/with}} 19:02:49 {{/with}}``` 19:02:49 19:02:49 19:02:49 ## Recommendation 19:02:49 19:02:49 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:49 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:02:49 [INFO] Analysis Complete (1 seconds) 19:02:49 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:02:49 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:02:49 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:02:49 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:02:49 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:02:49 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:02:49 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:02:49 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:02:49 [INFO] 19:02:49 [INFO] ----------------< org.openspcoop2:org.openspcoop2.cxf >----------------- 19:02:49 [INFO] Building dependencies.cxf 1.0 [7/71] 19:02:49 [INFO] --------------------------------[ pom ]--------------------------------- 19:02:49 [INFO] 19:02:49 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.cxf --- 19:02:49 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/cxf (includes = [*.jar], excludes = []) 19:02:49 [INFO] 19:02:49 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.cxf --- 19:02:49 [INFO] Copying cxf-core-3.6.4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-core-3.6.4-gov4j-1.jar 19:02:49 [INFO] Copying cxf-rt-rs-security-jose-3.6.4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-3.6.4-gov4j-1.jar 19:02:49 [INFO] Copying cxf-rt-bindings-soap-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-bindings-soap-3.6.4.jar 19:02:49 [INFO] Copying cxf-rt-databinding-jaxb-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-databinding-jaxb-3.6.4.jar 19:02:49 [INFO] Copying cxf-rt-features-logging-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-features-logging-3.6.4.jar 19:02:49 [INFO] Copying cxf-rt-frontend-jaxrs-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-frontend-jaxrs-3.6.4.jar 19:02:49 [INFO] Copying cxf-rt-frontend-jaxws-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-frontend-jaxws-3.6.4.jar 19:02:49 [INFO] Copying cxf-rt-frontend-simple-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-frontend-simple-3.6.4.jar 19:02:49 [INFO] Copying cxf-rt-rs-json-basic-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-json-basic-3.6.4.jar 19:02:49 [INFO] Copying cxf-rt-rs-security-jose-jaxrs-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-jaxrs-3.6.4.jar 19:02:49 [INFO] Copying cxf-rt-rs-service-description-openapi-v3-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-service-description-openapi-v3-3.6.4.jar 19:02:49 [INFO] Copying cxf-rt-rs-service-description-swagger-ui-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-service-description-swagger-ui-3.6.4.jar 19:02:49 [INFO] Copying cxf-rt-rs-service-description-common-openapi-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-service-description-common-openapi-3.6.4.jar 19:02:49 [INFO] Copying cxf-rt-rs-client-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-client-3.6.4.jar 19:02:49 [INFO] Copying cxf-rt-security-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-security-3.6.4.jar 19:02:49 [INFO] Copying cxf-rt-security-saml-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-security-saml-3.6.4.jar 19:02:49 [INFO] Copying cxf-rt-transports-http-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-transports-http-3.6.4.jar 19:02:49 [INFO] Copying cxf-rt-transports-http-jetty-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-transports-http-jetty-3.6.4.jar 19:02:49 [INFO] Copying cxf-rt-wsdl-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-wsdl-3.6.4.jar 19:02:49 [INFO] Copying cxf-rt-ws-policy-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-ws-policy-3.6.4.jar 19:02:49 [INFO] Copying cxf-rt-ws-security-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-ws-security-3.6.4.jar 19:02:49 [INFO] Copying cxf-tools-common-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-tools-common-3.6.4.jar 19:02:49 [INFO] Copying cxf-tools-validator-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-tools-validator-3.6.4.jar 19:02:49 [INFO] Copying cxf-tools-wsdlto-core-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-tools-wsdlto-core-3.6.4.jar 19:02:49 [INFO] Copying cxf-tools-wsdlto-databinding-jaxb-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-tools-wsdlto-databinding-jaxb-3.6.4.jar 19:02:49 [INFO] Copying cxf-tools-wsdlto-frontend-jaxws-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-tools-wsdlto-frontend-jaxws-3.6.4.jar 19:02:49 [INFO] Copying jakarta.ws.rs-api-2.1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/jakarta.ws.rs-api-2.1.6.jar 19:02:49 [INFO] Copying stax2-api-4.2.2.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/stax2-api-4.2.2.jar 19:02:49 [INFO] Copying woodstox-core-6.6.2.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/woodstox-core-6.6.2.jar 19:02:49 [INFO] Copying xml-resolver-1.2.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/xml-resolver-1.2.jar 19:02:49 [INFO] Copying xmlschema-core-2.3.1.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/xmlschema-core-2.3.1.jar 19:02:49 [INFO] Copying asm-9.7.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/asm-9.7.jar 19:02:49 [INFO] 19:02:49 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.cxf --- 19:02:49 [INFO] Executing tasks 19:02:49 19:02:49 main: 19:02:54 [INFO] Executed tasks 19:02:54 [INFO] 19:02:54 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.cxf --- 19:02:54 [INFO] Checking for updates 19:02:54 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:02:54 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:02:54 [INFO] Check for updates complete (67 ms) 19:02:55 [INFO] 19:02:55 19:02:55 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:02:55 19:02:55 19:02:55 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:02:55 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:02:55 19:02:55 💖 Sponsor: https://github.com/sponsors/jeremylong 19:02:55 19:02:55 19:02:55 [INFO] Analysis Started 19:02:55 [INFO] Finished Archive Analyzer (0 seconds) 19:02:55 [INFO] Finished File Name Analyzer (0 seconds) 19:02:55 [INFO] Finished Jar Analyzer (0 seconds) 19:02:55 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:02:55 [INFO] Finished Hint Analyzer (0 seconds) 19:02:55 [INFO] Finished Version Filter Analyzer (0 seconds) 19:02:56 [INFO] Created CPE Index (1 seconds) 19:02:57 [INFO] Finished CPE Analyzer (1 seconds) 19:02:57 [INFO] Finished False Positive Analyzer (0 seconds) 19:02:57 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:02:57 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:02:57 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:02:57 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:02:57 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:02:57 19:02:57 19:02:57 ## Recommendation 19:02:57 19:02:57 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:02:57 19:02:57 The following template can be used to demonstrate the vulnerability: 19:02:57 ```{{#with "constructor"}} 19:02:57 {{#with split as |a|}} 19:02:57 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:02:57 {{#with (concat (lookup join (slice 0 1)))}} 19:02:57 {{#each (slice 2 3)}} 19:02:57 {{#with (apply 0 a)}} 19:02:57 {{.}} 19:02:57 {{/with}} 19:02:57 {{/each}} 19:02:57 {{/with}} 19:02:57 {{/with}} 19:02:57 {{/with}}``` 19:02:57 19:02:57 19:02:57 ## Recommendation 19:02:57 19:02:57 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:02:57 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:02:57 [INFO] Analysis Complete (2 seconds) 19:02:57 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:02:57 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:02:57 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:02:57 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:02:57 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:02:57 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:02:57 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:02:57 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:02:57 [INFO] 19:02:57 [INFO] --------------< org.openspcoop2:org.openspcoop2.commons >--------------- 19:02:57 [INFO] Building dependencies.commons 1.0 [8/71] 19:02:57 [INFO] --------------------------------[ pom ]--------------------------------- 19:02:57 [INFO] 19:02:57 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.commons --- 19:02:57 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/commons (includes = [*.jar], excludes = []) 19:02:57 [INFO] 19:02:57 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.commons --- 19:02:57 [INFO] Copying commons-beanutils-1.9.4.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-beanutils-1.9.4.jar 19:02:57 [INFO] Copying commons-chain-1.2.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-chain-1.2.jar 19:02:57 [INFO] Copying commons-cli-1.5.0.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-cli-1.5.0.jar 19:02:57 [INFO] Copying commons-codec-1.15.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-codec-1.15.jar 19:02:57 [INFO] Copying commons-collections-3.2.2.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-collections-3.2.2.jar 19:02:57 [INFO] Copying commons-collections4-4.4.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-collections4-4.4.jar 19:02:57 [INFO] Copying commons-compress-1.26.0.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-compress-1.26.0.jar 19:02:57 [INFO] Copying commons-csv-1.9.0.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-csv-1.9.0.jar 19:02:57 [INFO] Copying commons-dbcp2-2.9.0.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-dbcp2-2.9.0.jar 19:02:57 [INFO] Copying commons-digester-2.1.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-digester-2.1.jar 19:02:57 [INFO] Copying commons-discovery-0.5.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-discovery-0.5.jar 19:02:57 [INFO] Copying commons-email-1.5.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-email-1.5.jar 19:02:57 [INFO] Copying commons-fileupload-1.5.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-fileupload-1.5.jar 19:02:57 [INFO] Copying commons-io-2.15.1.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-io-2.15.1.jar 19:02:57 [INFO] Copying commons-lang-2.6.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-lang-2.6.jar 19:02:57 [INFO] Copying commons-lang3-3.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-lang3-3.12.0.jar 19:02:57 [INFO] Copying commons-logging-1.2.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-logging-1.2.jar 19:02:57 [INFO] Copying commons-math3-3.6.1.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-math3-3.6.1.jar 19:02:57 [INFO] Copying commons-net-3.9.0.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-net-3.9.0.jar 19:02:57 [INFO] Copying commons-pool2-2.11.1.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-pool2-2.11.1.jar 19:02:57 [INFO] Copying commons-validator-1.7.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-validator-1.7.jar 19:02:57 [INFO] 19:02:57 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.commons --- 19:02:57 [INFO] Executing tasks 19:02:57 19:02:57 main: 19:03:02 [INFO] Executed tasks 19:03:02 [INFO] 19:03:02 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.commons --- 19:03:02 [INFO] Checking for updates 19:03:02 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:03:03 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:03:03 [INFO] Check for updates complete (188 ms) 19:03:03 [INFO] 19:03:03 19:03:03 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:03:03 19:03:03 19:03:03 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:03:03 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:03:03 19:03:03 💖 Sponsor: https://github.com/sponsors/jeremylong 19:03:03 19:03:03 19:03:03 [INFO] Analysis Started 19:03:03 [INFO] Finished Archive Analyzer (0 seconds) 19:03:03 [INFO] Finished File Name Analyzer (0 seconds) 19:03:03 [INFO] Finished Jar Analyzer (0 seconds) 19:03:03 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:03:03 [INFO] Finished Hint Analyzer (0 seconds) 19:03:03 [INFO] Finished Version Filter Analyzer (0 seconds) 19:03:04 [INFO] Created CPE Index (1 seconds) 19:03:05 [INFO] Finished CPE Analyzer (1 seconds) 19:03:05 [INFO] Finished False Positive Analyzer (0 seconds) 19:03:05 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:03:05 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:03:05 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:03:05 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:03:05 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:03:05 19:03:05 19:03:05 ## Recommendation 19:03:05 19:03:05 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:03:05 19:03:05 The following template can be used to demonstrate the vulnerability: 19:03:05 ```{{#with "constructor"}} 19:03:05 {{#with split as |a|}} 19:03:05 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:03:05 {{#with (concat (lookup join (slice 0 1)))}} 19:03:05 {{#each (slice 2 3)}} 19:03:05 {{#with (apply 0 a)}} 19:03:05 {{.}} 19:03:05 {{/with}} 19:03:05 {{/each}} 19:03:05 {{/with}} 19:03:05 {{/with}} 19:03:05 {{/with}}``` 19:03:05 19:03:05 19:03:05 ## Recommendation 19:03:05 19:03:05 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:05 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:03:05 [INFO] Analysis Complete (2 seconds) 19:03:05 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:03:05 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:03:05 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:03:05 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:03:05 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:03:05 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:03:05 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:03:05 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:03:05 [INFO] 19:03:05 [INFO] ---------------< org.openspcoop2:org.openspcoop2.faces >---------------- 19:03:05 [INFO] Building dependencies.faces 1.0 [9/71] 19:03:05 [INFO] --------------------------------[ pom ]--------------------------------- 19:03:05 [INFO] 19:03:05 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.faces --- 19:03:05 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/faces (includes = [*.jar], excludes = []) 19:03:05 [INFO] 19:03:05 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.faces --- 19:03:05 [INFO] Copying facelets-taglib-jsf12-spring-4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/facelets-taglib-jsf12-spring-4-gov4j-1.jar 19:03:05 [INFO] Copying facelets-taglib-jsf20-spring-4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/facelets-taglib-jsf20-spring-4-gov4j-1.jar 19:03:05 [INFO] Copying aopalliance-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/aopalliance-1.0.jar 19:03:05 [INFO] Copying cglib-nodep-2.2.3.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/cglib-nodep-2.2.3.jar 19:03:05 [INFO] Copying el-impl-2.2.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/el-impl-2.2.jar 19:03:05 [INFO] Copying javax.faces-2.4.0.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/javax.faces-2.4.0.jar 19:03:05 [INFO] Copying javax.servlet.jsp.jstl-1.2.1.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/javax.servlet.jsp.jstl-1.2.1.jar 19:03:05 [INFO] Copying javax.servlet.jsp.jstl-api-1.2.1.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/javax.servlet.jsp.jstl-api-1.2.1.jar 19:03:05 [INFO] Copying jsf-api-1.2_15-06.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/jsf-api-1.2_15-06.jar 19:03:05 [INFO] Copying jsf-impl-1.2_15-06.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/jsf-impl-1.2_15-06.jar 19:03:05 [INFO] Copying jsf-facelets-1.1.15.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/jsf-facelets-1.1.15.jar 19:03:05 [INFO] Copying jsr311-api-1.1.1.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/jsr311-api-1.1.1.jar 19:03:05 [INFO] Copying richfaces-api-3.3.4.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/richfaces-api-3.3.4.Final.jar 19:03:05 [INFO] Copying richfaces-impl-3.3.4.Final-gov4j-4.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/richfaces-impl-3.3.4.Final-gov4j-4.jar 19:03:05 [INFO] Copying richfaces-impl-jsf2-3.3.4.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/richfaces-impl-jsf2-3.3.4.Final.jar 19:03:05 [INFO] Copying richfaces-ui-3.3.4.Final-gov4j-4.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/richfaces-ui-3.3.4.Final-gov4j-4.jar 19:03:05 [INFO] 19:03:05 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.faces --- 19:03:05 [INFO] Executing tasks 19:03:05 19:03:05 main: 19:03:10 [INFO] Executed tasks 19:03:10 [INFO] 19:03:10 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.faces --- 19:03:10 [INFO] Checking for updates 19:03:10 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:03:11 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:03:11 [INFO] Check for updates complete (89 ms) 19:03:11 [INFO] 19:03:11 19:03:11 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:03:11 19:03:11 19:03:11 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:03:11 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:03:11 19:03:11 💖 Sponsor: https://github.com/sponsors/jeremylong 19:03:11 19:03:11 19:03:11 [INFO] Analysis Started 19:03:11 [INFO] Finished Archive Analyzer (0 seconds) 19:03:11 [INFO] Finished File Name Analyzer (0 seconds) 19:03:11 [INFO] Finished Jar Analyzer (0 seconds) 19:03:11 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:03:12 [INFO] Finished Hint Analyzer (0 seconds) 19:03:12 [INFO] Finished Version Filter Analyzer (0 seconds) 19:03:13 [INFO] Created CPE Index (1 seconds) 19:03:13 [INFO] Finished CPE Analyzer (1 seconds) 19:03:13 [INFO] Finished False Positive Analyzer (0 seconds) 19:03:13 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:03:21 [INFO] Finished RetireJS Analyzer (7 seconds) 19:03:21 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:03:21 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:03:21 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:03:21 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:03:21 19:03:21 19:03:21 ## Recommendation 19:03:21 19:03:21 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:03:21 19:03:21 The following template can be used to demonstrate the vulnerability: 19:03:21 ```{{#with "constructor"}} 19:03:21 {{#with split as |a|}} 19:03:21 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:03:21 {{#with (concat (lookup join (slice 0 1)))}} 19:03:21 {{#each (slice 2 3)}} 19:03:21 {{#with (apply 0 a)}} 19:03:21 {{.}} 19:03:21 {{/with}} 19:03:21 {{/each}} 19:03:21 {{/with}} 19:03:21 {{/with}} 19:03:21 {{/with}}``` 19:03:21 19:03:21 19:03:21 ## Recommendation 19:03:21 19:03:21 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:21 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:03:21 [INFO] Analysis Complete (10 seconds) 19:03:21 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:03:21 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:03:22 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:03:22 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:03:22 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:03:22 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:03:22 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:03:22 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:03:22 [INFO] 19:03:22 [INFO] ----------------< org.openspcoop2:org.openspcoop2.git >----------------- 19:03:22 [INFO] Building dependencies.git 1.0 [10/71] 19:03:22 [INFO] --------------------------------[ pom ]--------------------------------- 19:03:22 [INFO] 19:03:22 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.git --- 19:03:22 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/git (includes = [*.jar], excludes = []) 19:03:22 [INFO] 19:03:22 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.git --- 19:03:22 [INFO] Copying openspcoop2_git-task-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/git/openspcoop2_git-task-1.0.jar 19:03:22 [INFO] Copying org.eclipse.jgit-6.7.0.202309050840-r.jar to /var/lib/jenkins/workspace/GovWay/lib/git/org.eclipse.jgit-6.7.0.202309050840-r.jar 19:03:22 [INFO] 19:03:22 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.git --- 19:03:22 [INFO] Executing tasks 19:03:22 19:03:22 main: 19:03:27 [INFO] Executed tasks 19:03:27 [INFO] 19:03:27 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.git --- 19:03:27 [INFO] Checking for updates 19:03:27 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:03:27 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:03:27 [INFO] Check for updates complete (74 ms) 19:03:27 [INFO] 19:03:27 19:03:27 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:03:27 19:03:27 19:03:27 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:03:27 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:03:27 19:03:27 💖 Sponsor: https://github.com/sponsors/jeremylong 19:03:27 19:03:27 19:03:27 [INFO] Analysis Started 19:03:27 [INFO] Finished Archive Analyzer (0 seconds) 19:03:27 [INFO] Finished File Name Analyzer (0 seconds) 19:03:27 [INFO] Finished Jar Analyzer (0 seconds) 19:03:27 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:03:27 [INFO] Finished Hint Analyzer (0 seconds) 19:03:27 [INFO] Finished Version Filter Analyzer (0 seconds) 19:03:28 [INFO] Created CPE Index (0 seconds) 19:03:29 [INFO] Finished CPE Analyzer (1 seconds) 19:03:29 [INFO] Finished False Positive Analyzer (0 seconds) 19:03:29 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:03:29 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:03:29 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:03:29 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:03:29 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:03:29 19:03:29 19:03:29 ## Recommendation 19:03:29 19:03:29 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:03:29 19:03:29 The following template can be used to demonstrate the vulnerability: 19:03:29 ```{{#with "constructor"}} 19:03:29 {{#with split as |a|}} 19:03:29 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:03:29 {{#with (concat (lookup join (slice 0 1)))}} 19:03:29 {{#each (slice 2 3)}} 19:03:29 {{#with (apply 0 a)}} 19:03:29 {{.}} 19:03:29 {{/with}} 19:03:29 {{/each}} 19:03:29 {{/with}} 19:03:29 {{/with}} 19:03:29 {{/with}}``` 19:03:29 19:03:29 19:03:29 ## Recommendation 19:03:29 19:03:29 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:29 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:03:29 [INFO] Analysis Complete (1 seconds) 19:03:29 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:03:29 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:03:29 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:03:29 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:03:29 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:03:29 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:03:29 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:03:29 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:03:29 [INFO] 19:03:29 [INFO] --------------< org.openspcoop2:org.openspcoop2.httpcore >-------------- 19:03:29 [INFO] Building dependencies.httpcore 1.0 [11/71] 19:03:29 [INFO] --------------------------------[ pom ]--------------------------------- 19:03:29 [INFO] 19:03:29 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.httpcore --- 19:03:29 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/httpcore (includes = [*.jar], excludes = []) 19:03:29 [INFO] 19:03:29 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.httpcore --- 19:03:29 [INFO] Copying httpcore-4.4.15.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpcore-4.4.15.jar 19:03:29 [INFO] Copying httpcore-nio-4.4.15.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpcore-nio-4.4.15.jar 19:03:29 [INFO] Copying httpcore-ab-4.4.15-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpcore-ab-4.4.15-gov4j-2.jar 19:03:29 [INFO] Copying apache-mime4j-core-0.8.10.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/apache-mime4j-core-0.8.10.jar 19:03:29 [INFO] Copying apache-mime4j-dom-0.8.10.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/apache-mime4j-dom-0.8.10.jar 19:03:29 [INFO] Copying fluent-hc-4.5.13.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/fluent-hc-4.5.13.jar 19:03:29 [INFO] Copying httpclient-4.5.13.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpclient-4.5.13.jar 19:03:29 [INFO] Copying httpclient-cache-4.5.13.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpclient-cache-4.5.13.jar 19:03:29 [INFO] Copying httpclient-win-4.5.13.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpclient-win-4.5.13.jar 19:03:29 [INFO] Copying httpmime-4.5.13.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpmime-4.5.13.jar 19:03:29 [INFO] Copying httpasyncclient-4.1.5.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpasyncclient-4.1.5.jar 19:03:29 [INFO] Copying httpasyncclient-cache-4.1.5.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpasyncclient-cache-4.1.5.jar 19:03:29 [INFO] 19:03:29 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.httpcore --- 19:03:29 [INFO] Executing tasks 19:03:29 19:03:29 main: 19:03:34 [INFO] Executed tasks 19:03:34 [INFO] 19:03:34 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.httpcore --- 19:03:34 [INFO] Checking for updates 19:03:34 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:03:34 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:03:34 [INFO] Check for updates complete (74 ms) 19:03:34 [INFO] 19:03:34 19:03:34 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:03:34 19:03:34 19:03:34 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:03:34 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:03:34 19:03:34 💖 Sponsor: https://github.com/sponsors/jeremylong 19:03:34 19:03:34 19:03:34 [INFO] Analysis Started 19:03:34 [INFO] Finished Archive Analyzer (0 seconds) 19:03:34 [INFO] Finished File Name Analyzer (0 seconds) 19:03:34 [INFO] Finished Jar Analyzer (0 seconds) 19:03:34 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:03:34 [INFO] Finished Hint Analyzer (0 seconds) 19:03:34 [INFO] Finished Version Filter Analyzer (0 seconds) 19:03:35 [INFO] Created CPE Index (1 seconds) 19:03:36 [INFO] Finished CPE Analyzer (1 seconds) 19:03:36 [INFO] Finished False Positive Analyzer (0 seconds) 19:03:36 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:03:36 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:03:36 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:03:36 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:03:36 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:03:36 19:03:36 19:03:36 ## Recommendation 19:03:36 19:03:36 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:03:36 19:03:36 The following template can be used to demonstrate the vulnerability: 19:03:36 ```{{#with "constructor"}} 19:03:36 {{#with split as |a|}} 19:03:36 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:03:36 {{#with (concat (lookup join (slice 0 1)))}} 19:03:36 {{#each (slice 2 3)}} 19:03:36 {{#with (apply 0 a)}} 19:03:36 {{.}} 19:03:36 {{/with}} 19:03:36 {{/each}} 19:03:36 {{/with}} 19:03:36 {{/with}} 19:03:36 {{/with}}``` 19:03:36 19:03:36 19:03:36 ## Recommendation 19:03:36 19:03:36 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:36 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:03:36 [INFO] Analysis Complete (1 seconds) 19:03:36 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:03:36 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:03:36 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:03:36 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:03:36 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:03:36 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:03:36 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:03:36 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:03:36 [INFO] 19:03:36 [INFO] --------------< org.openspcoop2:org.openspcoop2.jackson >--------------- 19:03:36 [INFO] Building dependencies.jackson 1.0 [12/71] 19:03:36 [INFO] --------------------------------[ pom ]--------------------------------- 19:03:36 [INFO] 19:03:36 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.jackson --- 19:03:36 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jackson (includes = [*.jar], excludes = []) 19:03:36 [INFO] 19:03:36 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jackson --- 19:03:36 [INFO] Copying jackson-annotations-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-annotations-2.14.2.jar 19:03:36 [INFO] Copying jackson-core-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-core-2.14.2.jar 19:03:36 [INFO] Copying jackson-databind-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-databind-2.14.2.jar 19:03:36 [INFO] Copying jackson-dataformat-xml-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-dataformat-xml-2.14.2.jar 19:03:36 [INFO] Copying jackson-dataformat-yaml-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-dataformat-yaml-2.14.2.jar 19:03:36 [INFO] Copying jackson-jaxrs-base-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-jaxrs-base-2.14.2.jar 19:03:36 [INFO] Copying jackson-jaxrs-json-provider-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-jaxrs-json-provider-2.14.2.jar 19:03:36 [INFO] Copying jackson-jaxrs-xml-provider-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-jaxrs-xml-provider-2.14.2.jar 19:03:36 [INFO] Copying jackson-jaxrs-yaml-provider-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-jaxrs-yaml-provider-2.14.2.jar 19:03:36 [INFO] Copying jackson-module-jaxb-annotations-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-module-jaxb-annotations-2.14.2.jar 19:03:36 [INFO] Copying jackson-module-jsonSchema-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-module-jsonSchema-2.14.2.jar 19:03:36 [INFO] Copying jackson-datatype-joda-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-datatype-joda-2.14.2.jar 19:03:36 [INFO] Copying jackson-datatype-jsr310-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-datatype-jsr310-2.14.2.jar 19:03:36 [INFO] Copying jackson-coreutils-1.8.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-coreutils-1.8.jar 19:03:36 [INFO] 19:03:36 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.jackson --- 19:03:36 [INFO] Executing tasks 19:03:36 19:03:36 main: 19:03:41 [INFO] Executed tasks 19:03:41 [INFO] 19:03:41 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.jackson --- 19:03:41 [INFO] Checking for updates 19:03:41 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:03:41 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:03:41 [INFO] Check for updates complete (71 ms) 19:03:41 [INFO] 19:03:41 19:03:41 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:03:41 19:03:41 19:03:41 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:03:41 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:03:41 19:03:41 💖 Sponsor: https://github.com/sponsors/jeremylong 19:03:41 19:03:41 19:03:41 [INFO] Analysis Started 19:03:41 [INFO] Finished Archive Analyzer (0 seconds) 19:03:41 [INFO] Finished File Name Analyzer (0 seconds) 19:03:41 [INFO] Finished Jar Analyzer (0 seconds) 19:03:41 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:03:41 [INFO] Finished Hint Analyzer (0 seconds) 19:03:41 [INFO] Finished Version Filter Analyzer (0 seconds) 19:03:43 [INFO] Created CPE Index (1 seconds) 19:03:43 [INFO] Finished CPE Analyzer (1 seconds) 19:03:43 [INFO] Finished False Positive Analyzer (0 seconds) 19:03:43 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:03:43 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:03:43 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:03:43 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:03:43 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:03:43 19:03:43 19:03:43 ## Recommendation 19:03:43 19:03:43 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:03:43 19:03:43 The following template can be used to demonstrate the vulnerability: 19:03:43 ```{{#with "constructor"}} 19:03:43 {{#with split as |a|}} 19:03:43 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:03:43 {{#with (concat (lookup join (slice 0 1)))}} 19:03:43 {{#each (slice 2 3)}} 19:03:43 {{#with (apply 0 a)}} 19:03:43 {{.}} 19:03:43 {{/with}} 19:03:43 {{/each}} 19:03:43 {{/with}} 19:03:43 {{/with}} 19:03:43 {{/with}}``` 19:03:43 19:03:43 19:03:43 ## Recommendation 19:03:43 19:03:43 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:43 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:03:43 [INFO] Analysis Complete (1 seconds) 19:03:43 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:03:43 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:03:43 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:03:43 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:03:43 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:03:43 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:03:43 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:03:43 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:03:43 [INFO] 19:03:43 [INFO] ---------------< org.openspcoop2:org.openspcoop2.javax >---------------- 19:03:43 [INFO] Building dependencies.javax 1.0 [13/71] 19:03:43 [INFO] --------------------------------[ pom ]--------------------------------- 19:03:43 [INFO] 19:03:43 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.javax --- 19:03:43 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/javax (includes = [*.jar], excludes = []) 19:03:43 [INFO] 19:03:43 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.javax --- 19:03:43 [INFO] Copying javax.management-1.0-gov4j.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.management-1.0-gov4j.jar 19:03:43 [INFO] Copying javax.xml.registry-api-1.0.8.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.xml.registry-api-1.0.8.jar 19:03:43 [INFO] Copying jta-1.1.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/jta-1.1.jar 19:03:43 [INFO] Copying javax.servlet-api-4.0.1.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.servlet-api-4.0.1.jar 19:03:43 [INFO] Copying javax.security.jacc-api-1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.security.jacc-api-1.6.jar 19:03:43 [INFO] Copying javax.resource-api-1.7.1.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.resource-api-1.7.1.jar 19:03:43 [INFO] Copying persistence-api-1.0.2.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/persistence-api-1.0.2.jar 19:03:43 [INFO] Copying javax.jms-api-2.0.1.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.jms-api-2.0.1.jar 19:03:43 [INFO] Copying deployment-api-1.2-rev-1.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/deployment-api-1.2-rev-1.jar 19:03:43 [INFO] Copying ejb-api-3.0.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/ejb-api-3.0.jar 19:03:43 [INFO] Copying el-api-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/el-api-1.0.jar 19:03:43 [INFO] Copying javax.annotation-api-1.3.2.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.annotation-api-1.3.2.jar 19:03:43 [INFO] Copying validation-api-2.0.1.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/validation-api-2.0.1.Final.jar 19:03:43 [INFO] Copying openjdk-orb-8.1.9.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/openjdk-orb-8.1.9.Final.jar 19:03:43 [INFO] 19:03:43 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.javax --- 19:03:43 [INFO] Executing tasks 19:03:43 19:03:43 main: 19:03:48 [INFO] Executed tasks 19:03:48 [INFO] 19:03:48 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.javax --- 19:03:48 [INFO] Checking for updates 19:03:48 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:03:48 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:03:48 [INFO] Check for updates complete (72 ms) 19:03:48 [INFO] 19:03:48 19:03:48 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:03:48 19:03:48 19:03:48 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:03:48 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:03:48 19:03:48 💖 Sponsor: https://github.com/sponsors/jeremylong 19:03:48 19:03:48 19:03:48 [INFO] Analysis Started 19:03:49 [INFO] Finished Archive Analyzer (0 seconds) 19:03:49 [INFO] Finished File Name Analyzer (0 seconds) 19:03:49 [INFO] Finished Jar Analyzer (0 seconds) 19:03:49 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:03:49 [INFO] Finished Hint Analyzer (0 seconds) 19:03:49 [INFO] Finished Version Filter Analyzer (0 seconds) 19:03:50 [INFO] Created CPE Index (1 seconds) 19:03:50 [INFO] Finished CPE Analyzer (1 seconds) 19:03:50 [INFO] Finished False Positive Analyzer (0 seconds) 19:03:50 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:03:50 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:03:50 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:03:50 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:03:50 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:03:50 19:03:50 19:03:50 ## Recommendation 19:03:50 19:03:50 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:03:50 19:03:50 The following template can be used to demonstrate the vulnerability: 19:03:50 ```{{#with "constructor"}} 19:03:50 {{#with split as |a|}} 19:03:50 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:03:50 {{#with (concat (lookup join (slice 0 1)))}} 19:03:50 {{#each (slice 2 3)}} 19:03:50 {{#with (apply 0 a)}} 19:03:50 {{.}} 19:03:50 {{/with}} 19:03:50 {{/each}} 19:03:50 {{/with}} 19:03:50 {{/with}} 19:03:50 {{/with}}``` 19:03:50 19:03:50 19:03:50 ## Recommendation 19:03:50 19:03:50 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:50 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:03:50 [INFO] Analysis Complete (1 seconds) 19:03:50 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:03:50 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:03:50 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:03:50 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:03:50 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:03:50 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:03:50 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:03:50 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:03:51 [INFO] 19:03:51 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jax >----------------- 19:03:51 [INFO] Building dependencies.jax 1.0 [14/71] 19:03:51 [INFO] --------------------------------[ pom ]--------------------------------- 19:03:51 [INFO] 19:03:51 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.jax --- 19:03:51 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jax (includes = [*.jar], excludes = []) 19:03:51 [INFO] 19:03:51 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jax --- 19:03:51 [INFO] Copying jaxp-ri-1.4.5-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxp-ri-1.4.5-gov4j-1.jar 19:03:51 [INFO] Copying jsr181-api-1.0-MR1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jsr181-api-1.0-MR1.jar 19:03:51 [INFO] Copying jaxws-api-2.3.1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxws-api-2.3.1.jar 19:03:51 [INFO] Copying jaxb-api-2.3.1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxb-api-2.3.1.jar 19:03:51 [INFO] Copying jaxb-core-2.3.0.1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxb-core-2.3.0.1.jar 19:03:51 [INFO] Copying jaxb-impl-2.3.7.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxb-impl-2.3.7.jar 19:03:51 [INFO] Copying jaxb-xjc-2.3.7.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxb-xjc-2.3.7.jar 19:03:51 [INFO] 19:03:51 [INFO] --- copy-rename-maven-plugin:1.0:rename (rename-file) @ org.openspcoop2.jax --- 19:03:51 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/jax/jsr181-api-1.0-MR1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxws-jsr181-api-2.3.1.jar 19:03:51 [INFO] 19:03:51 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.jax --- 19:03:51 [INFO] Executing tasks 19:03:51 19:03:51 main: 19:03:56 [INFO] Executed tasks 19:03:56 [INFO] 19:03:56 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.jax --- 19:03:56 [INFO] Checking for updates 19:03:56 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:03:56 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:03:56 [INFO] Check for updates complete (73 ms) 19:03:56 [INFO] 19:03:56 19:03:56 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:03:56 19:03:56 19:03:56 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:03:56 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:03:56 19:03:56 💖 Sponsor: https://github.com/sponsors/jeremylong 19:03:56 19:03:56 19:03:56 [INFO] Analysis Started 19:03:56 [INFO] Finished Archive Analyzer (0 seconds) 19:03:56 [INFO] Finished File Name Analyzer (0 seconds) 19:03:56 [INFO] Finished Jar Analyzer (0 seconds) 19:03:56 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:03:56 [INFO] Finished Hint Analyzer (0 seconds) 19:03:56 [INFO] Finished Version Filter Analyzer (0 seconds) 19:03:57 [INFO] Created CPE Index (1 seconds) 19:03:58 [INFO] Finished CPE Analyzer (1 seconds) 19:03:58 [INFO] Finished False Positive Analyzer (0 seconds) 19:03:58 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:03:58 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:03:58 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:03:58 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:03:58 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:03:58 19:03:58 19:03:58 ## Recommendation 19:03:58 19:03:58 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:03:58 19:03:58 The following template can be used to demonstrate the vulnerability: 19:03:58 ```{{#with "constructor"}} 19:03:58 {{#with split as |a|}} 19:03:58 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:03:58 {{#with (concat (lookup join (slice 0 1)))}} 19:03:58 {{#each (slice 2 3)}} 19:03:58 {{#with (apply 0 a)}} 19:03:58 {{.}} 19:03:58 {{/with}} 19:03:58 {{/each}} 19:03:58 {{/with}} 19:03:58 {{/with}} 19:03:58 {{/with}}``` 19:03:58 19:03:58 19:03:58 ## Recommendation 19:03:58 19:03:58 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:03:58 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:03:58 [INFO] Analysis Complete (1 seconds) 19:03:58 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:03:58 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:03:58 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:03:58 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:03:58 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:03:58 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:03:58 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:03:58 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:03:58 [INFO] 19:03:58 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jetty >---------------- 19:03:58 [INFO] Building dependencies.jetty 1.0 [15/71] 19:03:58 [INFO] --------------------------------[ pom ]--------------------------------- 19:03:58 [INFO] 19:03:58 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.jetty --- 19:03:58 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jetty (includes = [*.jar], excludes = []) 19:03:58 [INFO] 19:03:58 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jetty --- 19:03:58 [INFO] Copying jetty-http-10.0.24.jar to /var/lib/jenkins/workspace/GovWay/lib/jetty/jetty-http-10.0.24.jar 19:03:58 [INFO] Copying jetty-io-10.0.24.jar to /var/lib/jenkins/workspace/GovWay/lib/jetty/jetty-io-10.0.24.jar 19:03:58 [INFO] Copying jetty-security-10.0.24.jar to /var/lib/jenkins/workspace/GovWay/lib/jetty/jetty-security-10.0.24.jar 19:03:58 [INFO] Copying jetty-server-10.0.24.jar to /var/lib/jenkins/workspace/GovWay/lib/jetty/jetty-server-10.0.24.jar 19:03:58 [INFO] Copying jetty-util-10.0.24.jar to /var/lib/jenkins/workspace/GovWay/lib/jetty/jetty-util-10.0.24.jar 19:03:58 [INFO] 19:03:58 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.jetty --- 19:03:58 [INFO] Executing tasks 19:03:58 19:03:58 main: 19:04:03 [INFO] Executed tasks 19:04:03 [INFO] 19:04:03 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.jetty --- 19:04:03 [INFO] Checking for updates 19:04:03 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:04:03 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:04:03 [INFO] Check for updates complete (74 ms) 19:04:03 [INFO] 19:04:03 19:04:03 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:04:03 19:04:03 19:04:03 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:04:03 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:04:03 19:04:03 💖 Sponsor: https://github.com/sponsors/jeremylong 19:04:03 19:04:03 19:04:03 [INFO] Analysis Started 19:04:03 [INFO] Finished File Name Analyzer (0 seconds) 19:04:03 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:04:03 [INFO] Finished Hint Analyzer (0 seconds) 19:04:03 [INFO] Finished Version Filter Analyzer (0 seconds) 19:04:04 [INFO] Created CPE Index (1 seconds) 19:04:04 [INFO] Finished CPE Analyzer (1 seconds) 19:04:04 [INFO] Finished False Positive Analyzer (0 seconds) 19:04:04 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:04:04 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:04:04 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:04:04 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:04:04 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:04:04 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:04:04 [INFO] Analysis Complete (1 seconds) 19:04:04 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:04:04 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:04:04 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:04:04 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:04:05 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:04:05 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:04:05 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:04:05 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:04:05 [INFO] 19:04:05 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jminix >--------------- 19:04:05 [INFO] Building dependencies.jminix 1.0 [16/71] 19:04:05 [INFO] --------------------------------[ pom ]--------------------------------- 19:04:05 [INFO] 19:04:05 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.jminix --- 19:04:05 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jminix (includes = [*.jar], excludes = []) 19:04:05 [INFO] 19:04:05 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jminix --- 19:04:05 [INFO] Copying jminix-standalone-1.2.0-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/jminix/jminix-standalone-1.2.0-gov4j-1.jar 19:04:05 [INFO] Copying jminix-1.2.0-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/jminix/jminix-1.2.0-gov4j-1.jar 19:04:05 [INFO] Copying org.restlet-2.4.0.jar to /var/lib/jenkins/workspace/GovWay/lib/jminix/org.restlet-2.4.0.jar 19:04:05 [INFO] Copying org.restlet.ext.servlet-2.4.0.jar to /var/lib/jenkins/workspace/GovWay/lib/jminix/org.restlet.ext.servlet-2.4.0.jar 19:04:05 [INFO] Copying org.restlet.ext.velocity-2.4.0.jar to /var/lib/jenkins/workspace/GovWay/lib/jminix/org.restlet.ext.velocity-2.4.0.jar 19:04:05 [INFO] 19:04:05 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.jminix --- 19:04:05 [INFO] Executing tasks 19:04:05 19:04:05 main: 19:04:10 [INFO] Executed tasks 19:04:10 [INFO] 19:04:10 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.jminix --- 19:04:10 [INFO] Checking for updates 19:04:10 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:04:10 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:04:10 [INFO] Check for updates complete (68 ms) 19:04:10 [INFO] 19:04:10 19:04:10 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:04:10 19:04:10 19:04:10 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:04:10 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:04:10 19:04:10 💖 Sponsor: https://github.com/sponsors/jeremylong 19:04:10 19:04:10 19:04:10 [INFO] Analysis Started 19:04:10 [INFO] Finished Archive Analyzer (0 seconds) 19:04:10 [INFO] Finished File Name Analyzer (0 seconds) 19:04:10 [INFO] Finished Jar Analyzer (0 seconds) 19:04:10 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:04:10 [INFO] Finished Hint Analyzer (0 seconds) 19:04:10 [INFO] Finished Version Filter Analyzer (0 seconds) 19:04:11 [INFO] Created CPE Index (1 seconds) 19:04:11 [INFO] Finished CPE Analyzer (1 seconds) 19:04:11 [INFO] Finished False Positive Analyzer (0 seconds) 19:04:11 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:04:12 [INFO] Finished RetireJS Analyzer (1 seconds) 19:04:12 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:04:12 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:04:12 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:04:12 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:04:12 19:04:12 19:04:12 ## Recommendation 19:04:12 19:04:12 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:04:12 19:04:12 The following template can be used to demonstrate the vulnerability: 19:04:12 ```{{#with "constructor"}} 19:04:12 {{#with split as |a|}} 19:04:12 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:04:12 {{#with (concat (lookup join (slice 0 1)))}} 19:04:12 {{#each (slice 2 3)}} 19:04:12 {{#with (apply 0 a)}} 19:04:12 {{.}} 19:04:12 {{/with}} 19:04:12 {{/each}} 19:04:12 {{/with}} 19:04:12 {{/with}} 19:04:12 {{/with}}``` 19:04:12 19:04:12 19:04:12 ## Recommendation 19:04:12 19:04:12 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:12 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:04:12 [INFO] Analysis Complete (2 seconds) 19:04:12 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:04:12 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:04:12 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:04:12 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:04:12 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:04:12 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:04:12 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:04:12 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:04:12 [INFO] 19:04:12 [INFO] ----------------< org.openspcoop2:org.openspcoop2.json >---------------- 19:04:12 [INFO] Building dependencies.json 1.0 [17/71] 19:04:12 [INFO] --------------------------------[ pom ]--------------------------------- 19:04:12 [INFO] 19:04:12 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.json --- 19:04:12 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/json (includes = [*.jar], excludes = []) 19:04:12 [INFO] 19:04:12 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.json --- 19:04:12 [INFO] Copying org.everit.json.schema-1.14.1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/org.everit.json.schema-1.14.1.jar 19:04:12 [INFO] Copying uri-template-0.9.jar to /var/lib/jenkins/workspace/GovWay/lib/json/uri-template-0.9.jar 19:04:12 [INFO] Copying json-schema-validator-1.0.73.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.0.73.jar 19:04:12 [INFO] Copying itu-1.7.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/itu-1.7.0.jar 19:04:12 [INFO] Copying msg-simple-1.1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/msg-simple-1.1.jar 19:04:12 [INFO] Copying libphonenumber-8.12.57.jar to /var/lib/jenkins/workspace/GovWay/lib/json/libphonenumber-8.12.57.jar 19:04:12 [INFO] Copying failureaccess-1.0.1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/failureaccess-1.0.1.jar 19:04:12 [INFO] Copying json-smart-2.4.10.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-smart-2.4.10.jar 19:04:12 [INFO] Copying json-schema-core-1.2.8.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-core-1.2.8.jar 19:04:12 [INFO] Copying json-path-2.9.0-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-path-2.9.0-gov4j-1.jar 19:04:12 [INFO] Copying json-lib-2.4-jdk15.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-lib-2.4-jdk15.jar 19:04:12 [INFO] Copying json-20231013.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-20231013.jar 19:04:12 [INFO] Copying jettison-1.5.4.jar to /var/lib/jenkins/workspace/GovWay/lib/json/jettison-1.5.4.jar 19:04:12 [INFO] Copying handy-uri-templates-2.1.8.jar to /var/lib/jenkins/workspace/GovWay/lib/json/handy-uri-templates-2.1.8.jar 19:04:12 [INFO] Copying json-schema-validator-2.2.10.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.10.jar 19:04:12 [INFO] Copying btf-1.2.jar to /var/lib/jenkins/workspace/GovWay/lib/json/btf-1.2.jar 19:04:12 [INFO] Copying accessors-smart-2.4.8.jar to /var/lib/jenkins/workspace/GovWay/lib/json/accessors-smart-2.4.8.jar 19:04:12 [INFO] 19:04:12 [INFO] --- copy-rename-maven-plugin:1.0:rename (rename-file) @ org.openspcoop2.json --- 19:04:12 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.0.73.jar to /var/lib/jenkins/workspace/GovWay/lib/json/networknt_json-schema-validator-1.0.73.jar 19:04:12 [INFO] 19:04:12 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.json --- 19:04:12 [INFO] Executing tasks 19:04:12 19:04:12 main: 19:04:17 [INFO] Executed tasks 19:04:17 [INFO] 19:04:17 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.json --- 19:04:18 [INFO] Checking for updates 19:04:18 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:04:18 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:04:18 [INFO] Check for updates complete (79 ms) 19:04:18 [INFO] 19:04:18 19:04:18 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:04:18 19:04:18 19:04:18 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:04:18 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:04:18 19:04:18 💖 Sponsor: https://github.com/sponsors/jeremylong 19:04:18 19:04:18 19:04:18 [INFO] Analysis Started 19:04:18 [INFO] Finished Archive Analyzer (0 seconds) 19:04:18 [INFO] Finished File Name Analyzer (0 seconds) 19:04:18 [INFO] Finished Jar Analyzer (0 seconds) 19:04:18 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:04:18 [INFO] Finished Hint Analyzer (0 seconds) 19:04:18 [INFO] Finished Version Filter Analyzer (0 seconds) 19:04:19 [INFO] Created CPE Index (1 seconds) 19:04:19 [INFO] Finished CPE Analyzer (1 seconds) 19:04:19 [INFO] Finished False Positive Analyzer (0 seconds) 19:04:19 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:04:19 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:04:19 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:04:19 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:04:19 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:04:19 19:04:19 19:04:19 ## Recommendation 19:04:19 19:04:19 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:04:19 19:04:19 The following template can be used to demonstrate the vulnerability: 19:04:19 ```{{#with "constructor"}} 19:04:19 {{#with split as |a|}} 19:04:19 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:04:19 {{#with (concat (lookup join (slice 0 1)))}} 19:04:19 {{#each (slice 2 3)}} 19:04:19 {{#with (apply 0 a)}} 19:04:19 {{.}} 19:04:19 {{/with}} 19:04:19 {{/each}} 19:04:19 {{/with}} 19:04:19 {{/with}} 19:04:19 {{/with}}``` 19:04:19 19:04:19 19:04:19 ## Recommendation 19:04:19 19:04:19 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:19 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:04:19 [INFO] Analysis Complete (1 seconds) 19:04:19 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:04:19 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:04:19 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:04:19 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:04:19 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:04:19 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:04:19 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:04:19 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:04:19 [INFO] 19:04:19 [INFO] ----------------< org.openspcoop2:org.openspcoop2.log >----------------- 19:04:19 [INFO] Building dependencies.log 1.0 [18/71] 19:04:19 [INFO] --------------------------------[ pom ]--------------------------------- 19:04:19 [INFO] 19:04:19 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.log --- 19:04:19 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/log (includes = [*.jar], excludes = []) 19:04:19 [INFO] 19:04:19 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.log --- 19:04:19 [INFO] Copying slf4j-api-2.0.3-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/log/slf4j-api-2.0.3-gov4j-1.jar 19:04:19 [INFO] Copying log4j-1.2-api-2.19.0.jar to /var/lib/jenkins/workspace/GovWay/lib/log/log4j-1.2-api-2.19.0.jar 19:04:19 [INFO] Copying log4j-api-2.19.0.jar to /var/lib/jenkins/workspace/GovWay/lib/log/log4j-api-2.19.0.jar 19:04:19 [INFO] Copying log4j-core-2.19.0.jar to /var/lib/jenkins/workspace/GovWay/lib/log/log4j-core-2.19.0.jar 19:04:19 [INFO] Copying log4j-jcl-2.19.0.jar to /var/lib/jenkins/workspace/GovWay/lib/log/log4j-jcl-2.19.0.jar 19:04:19 [INFO] Copying log4j-slf4j2-impl-2.19.0.jar to /var/lib/jenkins/workspace/GovWay/lib/log/log4j-slf4j2-impl-2.19.0.jar 19:04:19 [INFO] 19:04:19 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.log --- 19:04:19 [INFO] Executing tasks 19:04:19 19:04:19 main: 19:04:24 [INFO] Executed tasks 19:04:24 [INFO] 19:04:24 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.log --- 19:04:25 [INFO] Checking for updates 19:04:25 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:04:25 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:04:25 [INFO] Check for updates complete (72 ms) 19:04:25 [INFO] 19:04:25 19:04:25 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:04:25 19:04:25 19:04:25 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:04:25 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:04:25 19:04:25 💖 Sponsor: https://github.com/sponsors/jeremylong 19:04:25 19:04:25 19:04:25 [INFO] Analysis Started 19:04:25 [INFO] Finished Archive Analyzer (0 seconds) 19:04:25 [INFO] Finished File Name Analyzer (0 seconds) 19:04:25 [INFO] Finished Jar Analyzer (0 seconds) 19:04:25 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:04:25 [INFO] Finished Hint Analyzer (0 seconds) 19:04:25 [INFO] Finished Version Filter Analyzer (0 seconds) 19:04:26 [INFO] Created CPE Index (1 seconds) 19:04:26 [INFO] Finished CPE Analyzer (1 seconds) 19:04:26 [INFO] Finished False Positive Analyzer (0 seconds) 19:04:26 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:04:26 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:04:26 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:04:26 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:04:26 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:04:26 19:04:26 19:04:26 ## Recommendation 19:04:26 19:04:26 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:04:26 19:04:26 The following template can be used to demonstrate the vulnerability: 19:04:26 ```{{#with "constructor"}} 19:04:26 {{#with split as |a|}} 19:04:26 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:04:26 {{#with (concat (lookup join (slice 0 1)))}} 19:04:26 {{#each (slice 2 3)}} 19:04:26 {{#with (apply 0 a)}} 19:04:26 {{.}} 19:04:26 {{/with}} 19:04:26 {{/each}} 19:04:26 {{/with}} 19:04:26 {{/with}} 19:04:26 {{/with}}``` 19:04:26 19:04:26 19:04:26 ## Recommendation 19:04:26 19:04:26 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:26 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:04:27 [INFO] Analysis Complete (1 seconds) 19:04:27 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:04:27 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:04:27 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:04:27 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:04:27 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:04:27 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:04:27 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:04:27 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:04:27 [INFO] 19:04:27 [INFO] ---------------< org.openspcoop2:org.openspcoop2.lucene >--------------- 19:04:27 [INFO] Building dependencies.lucene 1.0 [19/71] 19:04:27 [INFO] --------------------------------[ pom ]--------------------------------- 19:04:27 [INFO] 19:04:27 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.lucene --- 19:04:27 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/lucene (includes = [*.jar], excludes = []) 19:04:27 [INFO] 19:04:27 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.lucene --- 19:04:27 [INFO] Copying lucene-codecs-9.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/lucene/lucene-codecs-9.12.0.jar 19:04:27 [INFO] Copying lucene-core-9.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/lucene/lucene-core-9.12.0.jar 19:04:27 [INFO] Copying lucene-misc-9.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/lucene/lucene-misc-9.12.0.jar 19:04:27 [INFO] Copying lucene-queries-9.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/lucene/lucene-queries-9.12.0.jar 19:04:27 [INFO] Copying lucene-suggest-9.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/lucene/lucene-suggest-9.12.0.jar 19:04:27 [INFO] 19:04:27 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.lucene --- 19:04:27 [INFO] Executing tasks 19:04:27 19:04:27 main: 19:04:32 [INFO] Executed tasks 19:04:32 [INFO] 19:04:32 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.lucene --- 19:04:32 [INFO] Checking for updates 19:04:32 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:04:32 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:04:32 [INFO] Check for updates complete (88 ms) 19:04:32 [INFO] 19:04:32 19:04:32 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:04:32 19:04:32 19:04:32 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:04:32 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:04:32 19:04:32 💖 Sponsor: https://github.com/sponsors/jeremylong 19:04:32 19:04:32 19:04:32 [INFO] Analysis Started 19:04:32 [INFO] Finished Archive Analyzer (0 seconds) 19:04:32 [INFO] Finished File Name Analyzer (0 seconds) 19:04:32 [INFO] Finished Jar Analyzer (0 seconds) 19:04:32 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:04:32 [INFO] Finished Hint Analyzer (0 seconds) 19:04:32 [INFO] Finished Version Filter Analyzer (0 seconds) 19:04:33 [INFO] Created CPE Index (1 seconds) 19:04:33 [INFO] Finished CPE Analyzer (1 seconds) 19:04:33 [INFO] Finished False Positive Analyzer (0 seconds) 19:04:33 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:04:33 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:04:33 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:04:33 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:04:33 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:04:33 19:04:33 19:04:33 ## Recommendation 19:04:33 19:04:33 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:04:33 19:04:33 The following template can be used to demonstrate the vulnerability: 19:04:33 ```{{#with "constructor"}} 19:04:33 {{#with split as |a|}} 19:04:33 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:04:33 {{#with (concat (lookup join (slice 0 1)))}} 19:04:33 {{#each (slice 2 3)}} 19:04:33 {{#with (apply 0 a)}} 19:04:33 {{.}} 19:04:33 {{/with}} 19:04:33 {{/each}} 19:04:33 {{/with}} 19:04:33 {{/with}} 19:04:33 {{/with}}``` 19:04:33 19:04:33 19:04:33 ## Recommendation 19:04:33 19:04:33 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:33 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:33 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:04:33 [INFO] Analysis Complete (1 seconds) 19:04:33 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:04:33 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:04:34 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:04:34 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:04:34 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:04:34 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:04:34 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:04:34 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:04:34 [INFO] 19:04:34 [INFO] -------------< org.openspcoop2:org.openspcoop2.openapi4j >-------------- 19:04:34 [INFO] Building dependencies.swagger 1.0 [20/71] 19:04:34 [INFO] --------------------------------[ pom ]--------------------------------- 19:04:34 [INFO] 19:04:34 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.openapi4j --- 19:04:34 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/openapi4j (includes = [*.jar], excludes = []) 19:04:34 [INFO] 19:04:34 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.openapi4j --- 19:04:34 [INFO] Copying openapi-core-1.0.7-gov4j-7.jar to /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-core-1.0.7-gov4j-7.jar 19:04:34 [INFO] Copying openapi-parser-1.0.7-gov4j-7.jar to /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-parser-1.0.7-gov4j-7.jar 19:04:34 [INFO] Copying openapi-schema-validator-1.0.7-gov4j-7.jar to /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-schema-validator-1.0.7-gov4j-7.jar 19:04:34 [INFO] Copying openapi-operation-validator-1.0.7-gov4j-7.jar to /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-operation-validator-1.0.7-gov4j-7.jar 19:04:34 [INFO] 19:04:34 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.openapi4j --- 19:04:34 [INFO] Executing tasks 19:04:34 19:04:34 main: 19:04:39 [INFO] Executed tasks 19:04:39 [INFO] 19:04:39 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.openapi4j --- 19:04:39 [INFO] Checking for updates 19:04:39 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:04:39 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:04:39 [INFO] Check for updates complete (85 ms) 19:04:39 [INFO] 19:04:39 19:04:39 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:04:39 19:04:39 19:04:39 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:04:39 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:04:39 19:04:39 💖 Sponsor: https://github.com/sponsors/jeremylong 19:04:39 19:04:39 19:04:39 [INFO] Analysis Started 19:04:39 [INFO] Finished Archive Analyzer (0 seconds) 19:04:39 [INFO] Finished File Name Analyzer (0 seconds) 19:04:39 [INFO] Finished Jar Analyzer (0 seconds) 19:04:39 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:04:39 [INFO] Finished Hint Analyzer (0 seconds) 19:04:39 [INFO] Finished Version Filter Analyzer (0 seconds) 19:04:40 [INFO] Created CPE Index (1 seconds) 19:04:41 [INFO] Finished CPE Analyzer (1 seconds) 19:04:41 [INFO] Finished False Positive Analyzer (0 seconds) 19:04:41 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:04:41 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:04:41 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:04:41 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:04:41 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:04:41 19:04:41 19:04:41 ## Recommendation 19:04:41 19:04:41 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:04:41 19:04:41 The following template can be used to demonstrate the vulnerability: 19:04:41 ```{{#with "constructor"}} 19:04:41 {{#with split as |a|}} 19:04:41 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:04:41 {{#with (concat (lookup join (slice 0 1)))}} 19:04:41 {{#each (slice 2 3)}} 19:04:41 {{#with (apply 0 a)}} 19:04:41 {{.}} 19:04:41 {{/with}} 19:04:41 {{/each}} 19:04:41 {{/with}} 19:04:41 {{/with}} 19:04:41 {{/with}}``` 19:04:41 19:04:41 19:04:41 ## Recommendation 19:04:41 19:04:41 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:41 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:41 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:04:41 [INFO] Analysis Complete (1 seconds) 19:04:41 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:04:41 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:04:41 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:04:41 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:04:41 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:04:41 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:04:41 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:04:41 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:04:41 [INFO] 19:04:41 [INFO] --------------< org.openspcoop2:org.openspcoop2.opensaml >-------------- 19:04:41 [INFO] Building dependencies.opensaml 1.0 [21/71] 19:04:41 [INFO] --------------------------------[ pom ]--------------------------------- 19:04:41 [INFO] 19:04:41 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.opensaml --- 19:04:41 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/opensaml (includes = [*.jar], excludes = []) 19:04:41 [INFO] 19:04:41 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.opensaml --- 19:04:41 [INFO] Copying opensaml-core-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-core-3.4.6.jar 19:04:41 [INFO] Copying opensaml-messaging-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-messaging-api-3.4.6.jar 19:04:41 [INFO] Copying opensaml-messaging-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-messaging-impl-3.4.6.jar 19:04:41 [INFO] Copying opensaml-profile-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-profile-api-3.4.6.jar 19:04:41 [INFO] Copying opensaml-profile-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-profile-impl-3.4.6.jar 19:04:41 [INFO] Copying opensaml-saml-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-saml-api-3.4.6.jar 19:04:41 [INFO] Copying opensaml-saml-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-saml-impl-3.4.6.jar 19:04:41 [INFO] Copying opensaml-security-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-security-api-3.4.6.jar 19:04:41 [INFO] Copying opensaml-security-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-security-impl-3.4.6.jar 19:04:41 [INFO] Copying opensaml-soap-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-soap-api-3.4.6.jar 19:04:41 [INFO] Copying opensaml-soap-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-soap-impl-3.4.6.jar 19:04:41 [INFO] Copying opensaml-storage-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-storage-api-3.4.6.jar 19:04:41 [INFO] Copying opensaml-storage-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-storage-impl-3.4.6.jar 19:04:41 [INFO] Copying opensaml-xacml-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-xacml-api-3.4.6.jar 19:04:41 [INFO] Copying opensaml-xacml-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-xacml-impl-3.4.6.jar 19:04:41 [INFO] Copying opensaml-xacml-saml-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-xacml-saml-api-3.4.6.jar 19:04:41 [INFO] Copying opensaml-xacml-saml-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-xacml-saml-impl-3.4.6.jar 19:04:41 [INFO] Copying opensaml-xmlsec-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-xmlsec-api-3.4.6.jar 19:04:41 [INFO] Copying opensaml-xmlsec-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-xmlsec-impl-3.4.6.jar 19:04:41 [INFO] Copying java-support-7.5.2.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/java-support-7.5.2.jar 19:04:41 [INFO] 19:04:41 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.opensaml --- 19:04:41 [INFO] Executing tasks 19:04:41 19:04:41 main: 19:04:46 [INFO] Executed tasks 19:04:46 [INFO] 19:04:46 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.opensaml --- 19:04:46 [INFO] Checking for updates 19:04:46 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:04:46 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:04:46 [INFO] Check for updates complete (108 ms) 19:04:46 [INFO] 19:04:46 19:04:46 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:04:46 19:04:46 19:04:46 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:04:46 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:04:46 19:04:46 💖 Sponsor: https://github.com/sponsors/jeremylong 19:04:46 19:04:46 19:04:46 [INFO] Analysis Started 19:04:46 [INFO] Finished Archive Analyzer (0 seconds) 19:04:46 [INFO] Finished File Name Analyzer (0 seconds) 19:04:46 [INFO] Finished Jar Analyzer (0 seconds) 19:04:46 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:04:46 [INFO] Finished Hint Analyzer (0 seconds) 19:04:46 [INFO] Finished Version Filter Analyzer (0 seconds) 19:04:48 [INFO] Created CPE Index (1 seconds) 19:04:48 [INFO] Finished CPE Analyzer (1 seconds) 19:04:48 [INFO] Finished False Positive Analyzer (0 seconds) 19:04:48 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:04:48 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:04:48 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:04:48 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:04:48 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:04:48 19:04:48 19:04:48 ## Recommendation 19:04:48 19:04:48 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:04:48 19:04:48 The following template can be used to demonstrate the vulnerability: 19:04:48 ```{{#with "constructor"}} 19:04:48 {{#with split as |a|}} 19:04:48 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:04:48 {{#with (concat (lookup join (slice 0 1)))}} 19:04:48 {{#each (slice 2 3)}} 19:04:48 {{#with (apply 0 a)}} 19:04:48 {{.}} 19:04:48 {{/with}} 19:04:48 {{/each}} 19:04:48 {{/with}} 19:04:48 {{/with}} 19:04:48 {{/with}}``` 19:04:48 19:04:48 19:04:48 ## Recommendation 19:04:48 19:04:48 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:48 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:48 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:04:48 [INFO] Analysis Complete (1 seconds) 19:04:48 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:04:48 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:04:48 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:04:48 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:04:48 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:04:48 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:04:48 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:04:48 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:04:48 [INFO] 19:04:48 [INFO] ----------------< org.openspcoop2:org.openspcoop2.pdf >----------------- 19:04:48 [INFO] Building dependencies.pdf 1.0 [22/71] 19:04:48 [INFO] --------------------------------[ pom ]--------------------------------- 19:04:48 [INFO] 19:04:48 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.pdf --- 19:04:48 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/pdf (includes = [*.jar], excludes = []) 19:04:48 [INFO] 19:04:48 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.pdf --- 19:04:48 [INFO] Copying pdfbox-2.0.27.jar to /var/lib/jenkins/workspace/GovWay/lib/pdf/pdfbox-2.0.27.jar 19:04:48 [INFO] Copying fontbox-2.0.27.jar to /var/lib/jenkins/workspace/GovWay/lib/pdf/fontbox-2.0.27.jar 19:04:48 [INFO] Copying boxable-1.7.0.jar to /var/lib/jenkins/workspace/GovWay/lib/pdf/boxable-1.7.0.jar 19:04:48 [INFO] 19:04:48 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.pdf --- 19:04:48 [INFO] Executing tasks 19:04:48 19:04:48 main: 19:04:53 [INFO] Executed tasks 19:04:53 [INFO] 19:04:53 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.pdf --- 19:04:53 [INFO] Checking for updates 19:04:53 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:04:53 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:04:53 [INFO] Check for updates complete (73 ms) 19:04:53 [INFO] 19:04:53 19:04:53 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:04:53 19:04:53 19:04:53 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:04:53 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:04:53 19:04:53 💖 Sponsor: https://github.com/sponsors/jeremylong 19:04:53 19:04:53 19:04:53 [INFO] Analysis Started 19:04:54 [INFO] Finished Archive Analyzer (0 seconds) 19:04:54 [INFO] Finished File Name Analyzer (0 seconds) 19:04:54 [INFO] Finished Jar Analyzer (0 seconds) 19:04:54 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:04:54 [INFO] Finished Hint Analyzer (0 seconds) 19:04:54 [INFO] Finished Version Filter Analyzer (0 seconds) 19:04:55 [INFO] Created CPE Index (1 seconds) 19:04:55 [INFO] Finished CPE Analyzer (1 seconds) 19:04:55 [INFO] Finished False Positive Analyzer (0 seconds) 19:04:55 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:04:55 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:04:55 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:04:55 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:04:55 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:04:55 19:04:55 19:04:55 ## Recommendation 19:04:55 19:04:55 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:04:55 19:04:55 The following template can be used to demonstrate the vulnerability: 19:04:55 ```{{#with "constructor"}} 19:04:55 {{#with split as |a|}} 19:04:55 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:04:55 {{#with (concat (lookup join (slice 0 1)))}} 19:04:55 {{#each (slice 2 3)}} 19:04:55 {{#with (apply 0 a)}} 19:04:55 {{.}} 19:04:55 {{/with}} 19:04:55 {{/each}} 19:04:55 {{/with}} 19:04:55 {{/with}} 19:04:55 {{/with}}``` 19:04:55 19:04:55 19:04:55 ## Recommendation 19:04:55 19:04:55 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:55 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:04:55 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:04:55 [INFO] Analysis Complete (1 seconds) 19:04:55 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:04:55 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:04:55 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:04:55 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:04:55 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:04:55 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:04:55 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:04:55 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:04:55 [INFO] 19:04:55 [INFO] ---------------< org.openspcoop2:org.openspcoop2.redis >---------------- 19:04:55 [INFO] Building dependencies.redis 1.0 [23/71] 19:04:55 [INFO] --------------------------------[ pom ]--------------------------------- 19:04:55 [INFO] 19:04:55 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.redis --- 19:04:55 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/redis (includes = [*.jar], excludes = []) 19:04:55 [INFO] 19:04:55 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.redis --- 19:04:55 [INFO] Copying redisson-3.23.5.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/redisson-3.23.5.jar 19:04:55 [INFO] Copying netty-resolver-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-resolver-4.1.115.Final.jar 19:04:55 [INFO] Copying netty-resolver-dns-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-resolver-dns-4.1.115.Final.jar 19:04:55 [INFO] Copying netty-common-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-common-4.1.115.Final.jar 19:04:55 [INFO] Copying netty-buffer-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-buffer-4.1.115.Final.jar 19:04:55 [INFO] Copying netty-transport-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-transport-4.1.115.Final.jar 19:04:55 [INFO] Copying netty-codec-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-codec-4.1.115.Final.jar 19:04:55 [INFO] Copying netty-codec-dns-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-codec-dns-4.1.115.Final.jar 19:04:55 [INFO] Copying jboss-marshalling-2.1.3.SP1.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/jboss-marshalling-2.1.3.SP1.jar 19:04:55 [INFO] Copying jboss-marshalling-river-2.1.3.SP1.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/jboss-marshalling-river-2.1.3.SP1.jar 19:04:55 [INFO] Copying objenesis-3.3.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/objenesis-3.3.jar 19:04:55 [INFO] Copying kryo-5.5.0.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/kryo-5.5.0.jar 19:04:55 [INFO] 19:04:55 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.redis --- 19:04:55 [INFO] Executing tasks 19:04:55 19:04:55 main: 19:05:00 [INFO] Executed tasks 19:05:00 [INFO] 19:05:00 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.redis --- 19:05:00 [INFO] Checking for updates 19:05:00 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:05:00 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:05:00 [INFO] Check for updates complete (68 ms) 19:05:00 [INFO] 19:05:00 19:05:00 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:05:00 19:05:00 19:05:00 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:05:00 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:05:00 19:05:00 💖 Sponsor: https://github.com/sponsors/jeremylong 19:05:00 19:05:00 19:05:00 [INFO] Analysis Started 19:05:00 [INFO] Finished Archive Analyzer (0 seconds) 19:05:00 [INFO] Finished File Name Analyzer (0 seconds) 19:05:01 [INFO] Finished Jar Analyzer (0 seconds) 19:05:01 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:05:01 [INFO] Finished Hint Analyzer (0 seconds) 19:05:01 [INFO] Finished Version Filter Analyzer (0 seconds) 19:05:02 [INFO] Created CPE Index (1 seconds) 19:05:02 [INFO] Finished CPE Analyzer (1 seconds) 19:05:02 [INFO] Finished False Positive Analyzer (0 seconds) 19:05:02 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:05:02 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:05:02 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:05:02 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:05:02 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:05:02 19:05:02 19:05:02 ## Recommendation 19:05:02 19:05:02 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:05:02 19:05:02 The following template can be used to demonstrate the vulnerability: 19:05:02 ```{{#with "constructor"}} 19:05:02 {{#with split as |a|}} 19:05:02 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:05:02 {{#with (concat (lookup join (slice 0 1)))}} 19:05:02 {{#each (slice 2 3)}} 19:05:02 {{#with (apply 0 a)}} 19:05:02 {{.}} 19:05:02 {{/with}} 19:05:02 {{/each}} 19:05:02 {{/with}} 19:05:02 {{/with}} 19:05:02 {{/with}}``` 19:05:02 19:05:02 19:05:02 ## Recommendation 19:05:02 19:05:02 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:02 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:05:02 [INFO] Analysis Complete (1 seconds) 19:05:02 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:05:02 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:05:02 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:05:02 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:05:02 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:05:02 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:05:02 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:05:02 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:05:02 [INFO] 19:05:02 [INFO] --------------< org.openspcoop2:org.openspcoop2.reports >--------------- 19:05:02 [INFO] Building dependencies.reports 1.0 [24/71] 19:05:02 [INFO] --------------------------------[ pom ]--------------------------------- 19:05:02 [INFO] 19:05:02 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.reports --- 19:05:02 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/reports (includes = [*.jar], excludes = []) 19:05:02 [INFO] 19:05:02 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.reports --- 19:05:02 [INFO] Copying net.tascalate.javaflow.api-2.7.3.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/net.tascalate.javaflow.api-2.7.3.jar 19:05:02 [INFO] Copying SparseBitSet-1.2.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/SparseBitSet-1.2.jar 19:05:02 [INFO] Copying jfreechart-1.5.3.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/jfreechart-1.5.3.jar 19:05:02 [INFO] Copying poi-5.2.3.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/poi-5.2.3.jar 19:05:02 [INFO] Copying jcommon-1.0.24.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/jcommon-1.0.24.jar 19:05:02 [INFO] Copying jasperreports-6.20.0.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/jasperreports-6.20.0.jar 19:05:02 [INFO] Copying jasperreports-metadata-6.20.0.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/jasperreports-metadata-6.20.0.jar 19:05:02 [INFO] Copying ecj-3.31.0.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/ecj-3.31.0.jar 19:05:02 [INFO] Copying dynamicreports-core-6.12.1.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/dynamicreports-core-6.12.1.jar 19:05:02 [INFO] 19:05:02 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.reports --- 19:05:02 [INFO] Executing tasks 19:05:02 19:05:02 main: 19:05:07 [INFO] Executed tasks 19:05:07 [INFO] 19:05:07 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.reports --- 19:05:07 [INFO] Checking for updates 19:05:07 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:05:07 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:05:07 [INFO] Check for updates complete (67 ms) 19:05:07 [INFO] 19:05:07 19:05:07 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:05:07 19:05:07 19:05:07 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:05:07 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:05:07 19:05:07 💖 Sponsor: https://github.com/sponsors/jeremylong 19:05:07 19:05:07 19:05:07 [INFO] Analysis Started 19:05:08 [INFO] Finished Archive Analyzer (0 seconds) 19:05:08 [INFO] Finished File Name Analyzer (0 seconds) 19:05:08 [INFO] Finished Jar Analyzer (0 seconds) 19:05:08 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:05:08 [INFO] Finished Hint Analyzer (0 seconds) 19:05:08 [INFO] Finished Version Filter Analyzer (0 seconds) 19:05:09 [INFO] Created CPE Index (1 seconds) 19:05:09 [INFO] Finished CPE Analyzer (1 seconds) 19:05:09 [INFO] Finished False Positive Analyzer (0 seconds) 19:05:09 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:05:09 [INFO] Finished RetireJS Analyzer (0 seconds) 19:05:09 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:05:09 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:05:09 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:05:09 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:05:09 19:05:09 19:05:09 ## Recommendation 19:05:09 19:05:09 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:05:09 19:05:09 The following template can be used to demonstrate the vulnerability: 19:05:09 ```{{#with "constructor"}} 19:05:09 {{#with split as |a|}} 19:05:09 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:05:09 {{#with (concat (lookup join (slice 0 1)))}} 19:05:09 {{#each (slice 2 3)}} 19:05:09 {{#with (apply 0 a)}} 19:05:09 {{.}} 19:05:09 {{/with}} 19:05:09 {{/each}} 19:05:09 {{/with}} 19:05:09 {{/with}} 19:05:09 {{/with}}``` 19:05:09 19:05:09 19:05:09 ## Recommendation 19:05:09 19:05:09 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:09 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:05:09 [INFO] Analysis Complete (2 seconds) 19:05:09 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:05:09 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:05:09 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:05:09 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:05:09 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:05:09 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:05:09 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:05:09 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:05:09 [INFO] 19:05:09 [INFO] ----------------< org.openspcoop2:org.openspcoop2.saaj >---------------- 19:05:09 [INFO] Building dependencies.saaj 1.0 [25/71] 19:05:09 [INFO] --------------------------------[ pom ]--------------------------------- 19:05:09 [INFO] 19:05:09 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.saaj --- 19:05:09 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/saaj (includes = [*.jar], excludes = []) 19:05:09 [INFO] 19:05:09 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.saaj --- 19:05:09 [INFO] Copying mimepull-1.9.14.jar to /var/lib/jenkins/workspace/GovWay/lib/saaj/mimepull-1.9.14.jar 19:05:09 [INFO] Copying javax.xml.soap-api-1.4.0.jar to /var/lib/jenkins/workspace/GovWay/lib/saaj/javax.xml.soap-api-1.4.0.jar 19:05:09 [INFO] Copying saaj-impl-1.5.3-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/saaj/saaj-impl-1.5.3-gov4j-1.jar 19:05:09 [INFO] Copying stax-ex-1.8.3.jar to /var/lib/jenkins/workspace/GovWay/lib/saaj/stax-ex-1.8.3.jar 19:05:09 [INFO] 19:05:09 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.saaj --- 19:05:09 [INFO] Executing tasks 19:05:09 19:05:09 main: 19:05:14 [INFO] Executed tasks 19:05:14 [INFO] 19:05:14 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.saaj --- 19:05:15 [INFO] Checking for updates 19:05:15 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:05:15 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:05:15 [INFO] Check for updates complete (71 ms) 19:05:15 [INFO] 19:05:15 19:05:15 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:05:15 19:05:15 19:05:15 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:05:15 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:05:15 19:05:15 💖 Sponsor: https://github.com/sponsors/jeremylong 19:05:15 19:05:15 19:05:15 [INFO] Analysis Started 19:05:15 [INFO] Finished Archive Analyzer (0 seconds) 19:05:15 [INFO] Finished File Name Analyzer (0 seconds) 19:05:15 [INFO] Finished Jar Analyzer (0 seconds) 19:05:15 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:05:15 [INFO] Finished Hint Analyzer (0 seconds) 19:05:15 [INFO] Finished Version Filter Analyzer (0 seconds) 19:05:16 [INFO] Created CPE Index (1 seconds) 19:05:16 [INFO] Finished CPE Analyzer (1 seconds) 19:05:16 [INFO] Finished False Positive Analyzer (0 seconds) 19:05:16 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:05:16 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:05:16 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:05:16 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:05:16 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:05:16 19:05:16 19:05:16 ## Recommendation 19:05:16 19:05:16 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:05:16 19:05:16 The following template can be used to demonstrate the vulnerability: 19:05:16 ```{{#with "constructor"}} 19:05:16 {{#with split as |a|}} 19:05:16 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:05:16 {{#with (concat (lookup join (slice 0 1)))}} 19:05:16 {{#each (slice 2 3)}} 19:05:16 {{#with (apply 0 a)}} 19:05:16 {{.}} 19:05:16 {{/with}} 19:05:16 {{/each}} 19:05:16 {{/with}} 19:05:16 {{/with}} 19:05:16 {{/with}}``` 19:05:16 19:05:16 19:05:16 ## Recommendation 19:05:16 19:05:16 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:16 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:05:16 [INFO] Analysis Complete (1 seconds) 19:05:16 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:05:16 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:05:16 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:05:16 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:05:16 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:05:16 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:05:16 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:05:16 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:05:16 [INFO] 19:05:16 [INFO] --------------< org.openspcoop2:org.openspcoop2.security >-------------- 19:05:16 [INFO] Building dependencies.security 1.0 [26/71] 19:05:16 [INFO] --------------------------------[ pom ]--------------------------------- 19:05:16 [INFO] 19:05:16 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.security --- 19:05:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/security (includes = [*.jar], excludes = []) 19:05:16 [INFO] 19:05:16 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.security --- 19:05:16 [INFO] Copying bcpkix-jdk18on-1.78.1.jar to /var/lib/jenkins/workspace/GovWay/lib/security/bcpkix-jdk18on-1.78.1.jar 19:05:16 [INFO] Copying bcprov-jdk18on-1.78.1.jar to /var/lib/jenkins/workspace/GovWay/lib/security/bcprov-jdk18on-1.78.1.jar 19:05:16 [INFO] Copying bcutil-jdk18on-1.78.1.jar to /var/lib/jenkins/workspace/GovWay/lib/security/bcutil-jdk18on-1.78.1.jar 19:05:16 [INFO] Copying cryptacular-1.2.5.jar to /var/lib/jenkins/workspace/GovWay/lib/security/cryptacular-1.2.5.jar 19:05:16 [INFO] Copying herasaf-xacml-core-2.0.4.jar to /var/lib/jenkins/workspace/GovWay/lib/security/herasaf-xacml-core-2.0.4.jar 19:05:16 [INFO] Copying jasypt-1.9.3.jar to /var/lib/jenkins/workspace/GovWay/lib/security/jasypt-1.9.3.jar 19:05:16 [INFO] Copying neethi-3.2.0.jar to /var/lib/jenkins/workspace/GovWay/lib/security/neethi-3.2.0.jar 19:05:16 [INFO] Copying xmlsec-2.3.4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/security/xmlsec-2.3.4-gov4j-1.jar 19:05:16 [INFO] Copying xml-security-impl-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/security/xml-security-impl-1.0.jar 19:05:16 [INFO] Copying nimbus-jose-jwt-9.37.3.jar to /var/lib/jenkins/workspace/GovWay/lib/security/nimbus-jose-jwt-9.37.3.jar 19:05:16 [INFO] 19:05:16 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.security --- 19:05:16 [INFO] Executing tasks 19:05:16 19:05:16 main: 19:05:21 [INFO] Executed tasks 19:05:21 [INFO] 19:05:21 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.security --- 19:05:21 [INFO] Checking for updates 19:05:21 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:05:22 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:05:22 [INFO] Check for updates complete (68 ms) 19:05:22 [INFO] 19:05:22 19:05:22 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:05:22 19:05:22 19:05:22 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:05:22 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:05:22 19:05:22 💖 Sponsor: https://github.com/sponsors/jeremylong 19:05:22 19:05:22 19:05:22 [INFO] Analysis Started 19:05:22 [INFO] Finished Archive Analyzer (0 seconds) 19:05:22 [INFO] Finished File Name Analyzer (0 seconds) 19:05:22 [INFO] Finished Jar Analyzer (0 seconds) 19:05:22 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:05:22 [INFO] Finished Hint Analyzer (0 seconds) 19:05:22 [INFO] Finished Version Filter Analyzer (0 seconds) 19:05:23 [INFO] Created CPE Index (1 seconds) 19:05:24 [INFO] Finished CPE Analyzer (1 seconds) 19:05:24 [INFO] Finished False Positive Analyzer (0 seconds) 19:05:24 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:05:24 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:05:24 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:05:24 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:05:24 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:05:24 19:05:24 19:05:24 ## Recommendation 19:05:24 19:05:24 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:05:24 19:05:24 The following template can be used to demonstrate the vulnerability: 19:05:24 ```{{#with "constructor"}} 19:05:24 {{#with split as |a|}} 19:05:24 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:05:24 {{#with (concat (lookup join (slice 0 1)))}} 19:05:24 {{#each (slice 2 3)}} 19:05:24 {{#with (apply 0 a)}} 19:05:24 {{.}} 19:05:24 {{/with}} 19:05:24 {{/each}} 19:05:24 {{/with}} 19:05:24 {{/with}} 19:05:24 {{/with}}``` 19:05:24 19:05:24 19:05:24 ## Recommendation 19:05:24 19:05:24 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:24 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:05:24 [INFO] Analysis Complete (1 seconds) 19:05:24 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:05:24 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:05:24 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:05:24 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:05:24 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:05:24 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:05:24 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:05:24 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:05:24 [INFO] 19:05:24 [INFO] ---------------< org.openspcoop2:org.openspcoop2.shared >--------------- 19:05:24 [INFO] Building dependencies.shared 1.0 [27/71] 19:05:24 [INFO] --------------------------------[ pom ]--------------------------------- 19:05:24 [INFO] 19:05:24 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.shared --- 19:05:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/shared (includes = [*.jar], excludes = []) 19:05:24 [INFO] 19:05:24 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.shared --- 19:05:24 [INFO] Copying xmldb-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xmldb-1.0.jar 19:05:24 [INFO] Copying reflections-0.10.2.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/reflections-0.10.2.jar 19:05:24 [INFO] Copying reactive-streams-1.0.4.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/reactive-streams-1.0.4.jar 19:05:24 [INFO] Copying javassist-3.29.2-GA.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/javassist-3.29.2-GA.jar 19:05:24 [INFO] Copying commons-jcs3-core-3.1-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/commons-jcs3-core-3.1-gov4j-2.jar 19:05:24 [INFO] Copying urlrewritefilter-4.0.4.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/urlrewritefilter-4.0.4.jar 19:05:24 [INFO] Copying velocity-engine-core-2.4.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/velocity-engine-core-2.4.jar 19:05:24 [INFO] Copying velocity-tools-generic-3.1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/velocity-tools-generic-3.1.jar 19:05:24 [INFO] Copying velocity-tools-view-3.1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/velocity-tools-view-3.1.jar 19:05:24 [INFO] Copying velocity-tools-view-jsp-3.1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/velocity-tools-view-jsp-3.1.jar 19:05:24 [INFO] Copying wsdl4j-1.6.3.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/wsdl4j-1.6.3.jar 19:05:24 [INFO] Copying xalan-2.7.3.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xalan-2.7.3.jar 19:05:24 [INFO] Copying serializer-2.7.3.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/serializer-2.7.3.jar 19:05:24 [INFO] Copying xercesImpl-2.12.2.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xercesImpl-2.12.2.jar 19:05:24 [INFO] Copying xml-apis-1.4.01.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xml-apis-1.4.01.jar 19:05:24 [INFO] Copying xmlunit-legacy-2.10.0.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xmlunit-legacy-2.10.0.jar 19:05:24 [INFO] Copying xmlunit-core-2.10.0.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xmlunit-core-2.10.0.jar 19:05:24 [INFO] Copying xom-1.2.11.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xom-1.2.11.jar 19:05:24 [INFO] Copying uddi4j-2.0.5.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/uddi4j-2.0.5.jar 19:05:24 [INFO] Copying mailapi-1.6.7.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/mailapi-1.6.7.jar 19:05:24 [INFO] Copying smtp-1.6.7.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/smtp-1.6.7.jar 19:05:24 [INFO] Copying Saxon-HE-11.4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/Saxon-HE-11.4-gov4j-1.jar 19:05:24 [INFO] Copying xmlresolver-4.4.3.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xmlresolver-4.4.3.jar 19:05:24 [INFO] Copying snakeyaml-1.33-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/snakeyaml-1.33-gov4j-1.jar 19:05:24 [INFO] Copying struts-core-1.3.10.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/struts-core-1.3.10.jar 19:05:24 [INFO] Copying com.springsource.edu.oswego.cs.dl.util.concurrent-1.3.4.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/com.springsource.edu.oswego.cs.dl.util.concurrent-1.3.4.jar 19:05:24 [INFO] Copying ezmorph-1.0.6.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/ezmorph-1.0.6.jar 19:05:24 [INFO] Copying freemarker-2.3.31.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/freemarker-2.3.31.jar 19:05:24 [INFO] Copying guava-32.1.1-jre.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/guava-32.1.1-jre.jar 19:05:24 [INFO] Copying java-uuid-generator-4.0.1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/java-uuid-generator-4.0.1.jar 19:05:24 [INFO] Copying joda-time-2.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/joda-time-2.12.0.jar 19:05:24 [INFO] Copying aspectjrt-1.9.9.1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/aspectjrt-1.9.9.1.jar 19:05:24 [INFO] Copying aspectjweaver-1.9.9.1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/aspectjweaver-1.9.9.1.jar 19:05:24 [INFO] Copying jakarta.activation-1.2.2.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/jakarta.activation-1.2.2.jar 19:05:24 [INFO] Copying ehcache-3.10.2.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/ehcache-3.10.2.jar 19:05:24 [INFO] Copying rhino-1.7.14.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/rhino-1.7.14.jar 19:05:24 [INFO] Copying hazelcast-5.3.5.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/hazelcast-5.3.5.jar 19:05:24 [INFO] Copying hibernate-core-6.1.4.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/hibernate-core-6.1.4.Final.jar 19:05:24 [INFO] 19:05:24 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.shared --- 19:05:24 [INFO] Executing tasks 19:05:24 19:05:24 main: 19:05:29 [INFO] Executed tasks 19:05:29 [INFO] 19:05:29 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.shared --- 19:05:29 [INFO] Checking for updates 19:05:29 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:05:29 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:05:29 [INFO] Check for updates complete (73 ms) 19:05:29 [INFO] 19:05:29 19:05:29 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:05:29 19:05:29 19:05:29 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:05:29 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:05:29 19:05:29 💖 Sponsor: https://github.com/sponsors/jeremylong 19:05:29 19:05:29 19:05:29 [INFO] Analysis Started 19:05:30 [INFO] Finished Archive Analyzer (0 seconds) 19:05:30 [INFO] Finished File Name Analyzer (0 seconds) 19:05:30 [INFO] Finished Jar Analyzer (0 seconds) 19:05:30 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:05:30 [INFO] Finished Hint Analyzer (0 seconds) 19:05:30 [INFO] Finished Version Filter Analyzer (0 seconds) 19:05:31 [INFO] Created CPE Index (0 seconds) 19:05:32 [INFO] Finished CPE Analyzer (1 seconds) 19:05:32 [INFO] Finished False Positive Analyzer (0 seconds) 19:05:32 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:05:32 [INFO] Finished RetireJS Analyzer (0 seconds) 19:05:32 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:05:32 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:05:32 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:05:32 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:05:32 19:05:32 19:05:32 ## Recommendation 19:05:32 19:05:32 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:05:32 19:05:32 The following template can be used to demonstrate the vulnerability: 19:05:32 ```{{#with "constructor"}} 19:05:32 {{#with split as |a|}} 19:05:32 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:05:32 {{#with (concat (lookup join (slice 0 1)))}} 19:05:32 {{#each (slice 2 3)}} 19:05:32 {{#with (apply 0 a)}} 19:05:32 {{.}} 19:05:32 {{/with}} 19:05:32 {{/each}} 19:05:32 {{/with}} 19:05:32 {{/with}} 19:05:32 {{/with}}``` 19:05:32 19:05:32 19:05:32 ## Recommendation 19:05:32 19:05:32 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:32 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:05:32 [INFO] Analysis Complete (3 seconds) 19:05:32 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:05:32 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:05:32 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:05:32 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:05:32 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:05:32 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:05:32 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:05:32 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:05:32 [INFO] 19:05:32 [INFO] --------------< org.openspcoop2:org.openspcoop2.soapbox >--------------- 19:05:32 [INFO] Building dependencies.soapbox 1.0 [28/71] 19:05:32 [INFO] --------------------------------[ pom ]--------------------------------- 19:05:32 [INFO] 19:05:32 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.soapbox --- 19:05:32 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/soapbox (includes = [*.jar], excludes = []) 19:05:32 [INFO] 19:05:32 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.soapbox --- 19:05:32 [INFO] Copying metro-webservices_xwss_com_sun_xml-2.2.jar to /var/lib/jenkins/workspace/GovWay/lib/soapbox/metro-webservices_xwss_com_sun_xml-2.2.jar 19:05:32 [INFO] Copying ultraesb-api-1.7.1.jar to /var/lib/jenkins/workspace/GovWay/lib/soapbox/ultraesb-api-1.7.1.jar 19:05:32 [INFO] Copying ultraesb-core-1.7.1.jar to /var/lib/jenkins/workspace/GovWay/lib/soapbox/ultraesb-core-1.7.1.jar 19:05:32 [INFO] 19:05:32 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.soapbox --- 19:05:32 [INFO] Executing tasks 19:05:32 19:05:32 main: 19:05:37 [INFO] Executed tasks 19:05:37 [INFO] 19:05:37 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.soapbox --- 19:05:38 [INFO] Checking for updates 19:05:38 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:05:38 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:05:38 [INFO] Check for updates complete (74 ms) 19:05:38 [INFO] 19:05:38 19:05:38 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:05:38 19:05:38 19:05:38 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:05:38 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:05:38 19:05:38 💖 Sponsor: https://github.com/sponsors/jeremylong 19:05:38 19:05:38 19:05:38 [INFO] Analysis Started 19:05:38 [INFO] Finished Archive Analyzer (0 seconds) 19:05:38 [INFO] Finished File Name Analyzer (0 seconds) 19:05:38 [INFO] Finished Jar Analyzer (0 seconds) 19:05:38 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:05:38 [INFO] Finished Hint Analyzer (0 seconds) 19:05:38 [INFO] Finished Version Filter Analyzer (0 seconds) 19:05:39 [INFO] Created CPE Index (1 seconds) 19:05:39 [INFO] Finished CPE Analyzer (1 seconds) 19:05:39 [INFO] Finished False Positive Analyzer (0 seconds) 19:05:39 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:05:39 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:05:39 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:05:39 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:05:39 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:05:39 19:05:39 19:05:39 ## Recommendation 19:05:39 19:05:39 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:05:39 19:05:39 The following template can be used to demonstrate the vulnerability: 19:05:39 ```{{#with "constructor"}} 19:05:39 {{#with split as |a|}} 19:05:39 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:05:39 {{#with (concat (lookup join (slice 0 1)))}} 19:05:39 {{#each (slice 2 3)}} 19:05:39 {{#with (apply 0 a)}} 19:05:39 {{.}} 19:05:39 {{/with}} 19:05:39 {{/each}} 19:05:39 {{/with}} 19:05:39 {{/with}} 19:05:39 {{/with}}``` 19:05:39 19:05:39 19:05:39 ## Recommendation 19:05:39 19:05:39 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:39 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:05:39 [INFO] Analysis Complete (1 seconds) 19:05:39 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:05:39 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:05:39 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:05:39 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:05:39 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:05:40 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:05:40 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:05:40 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:05:40 [INFO] 19:05:40 [INFO] ---------------< org.openspcoop2:org.openspcoop2.spring >--------------- 19:05:40 [INFO] Building dependencies.spring 1.0 [29/71] 19:05:40 [INFO] --------------------------------[ pom ]--------------------------------- 19:05:40 [INFO] 19:05:40 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.spring --- 19:05:40 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring (includes = [*.jar], excludes = []) 19:05:40 [INFO] 19:05:40 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring --- 19:05:40 [INFO] Copying spring-aop-5.3.39.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-aop-5.3.39.jar 19:05:40 [INFO] Copying spring-aspects-5.3.39.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-aspects-5.3.39.jar 19:05:40 [INFO] Copying spring-beans-5.3.39-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-beans-5.3.39-gov4j-1.jar 19:05:40 [INFO] Copying spring-context-5.3.39-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-context-5.3.39-gov4j-1.jar 19:05:40 [INFO] Copying spring-context-support-5.3.39-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-context-support-5.3.39-gov4j-1.jar 19:05:40 [INFO] Copying spring-core-5.3.39-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-core-5.3.39-gov4j-1.jar 19:05:40 [INFO] Copying spring-expression-5.3.39-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-expression-5.3.39-gov4j-1.jar 19:05:40 [INFO] Copying spring-orm-5.3.39.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-orm-5.3.39.jar 19:05:40 [INFO] Copying spring-tx-5.3.39.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-tx-5.3.39.jar 19:05:40 [INFO] Copying spring-web-5.3.39-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-web-5.3.39-gov4j-1.jar 19:05:40 [INFO] 19:05:40 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.spring --- 19:05:40 [INFO] Executing tasks 19:05:40 19:05:40 main: 19:05:45 [INFO] Executed tasks 19:05:45 [INFO] 19:05:45 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.spring --- 19:05:45 [INFO] Checking for updates 19:05:45 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:05:45 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:05:45 [INFO] Check for updates complete (70 ms) 19:05:45 [INFO] 19:05:45 19:05:45 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:05:45 19:05:45 19:05:45 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:05:45 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:05:45 19:05:45 💖 Sponsor: https://github.com/sponsors/jeremylong 19:05:45 19:05:45 19:05:45 [INFO] Analysis Started 19:05:45 [INFO] Finished Archive Analyzer (0 seconds) 19:05:45 [INFO] Finished File Name Analyzer (0 seconds) 19:05:45 [INFO] Finished Jar Analyzer (0 seconds) 19:05:45 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:05:45 [INFO] Finished Hint Analyzer (0 seconds) 19:05:45 [INFO] Finished Version Filter Analyzer (0 seconds) 19:05:46 [INFO] Created CPE Index (1 seconds) 19:05:47 [INFO] Finished CPE Analyzer (1 seconds) 19:05:47 [INFO] Finished False Positive Analyzer (0 seconds) 19:05:47 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:05:47 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:05:47 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:05:47 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:05:47 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:05:47 19:05:47 19:05:47 ## Recommendation 19:05:47 19:05:47 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:05:47 19:05:47 The following template can be used to demonstrate the vulnerability: 19:05:47 ```{{#with "constructor"}} 19:05:47 {{#with split as |a|}} 19:05:47 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:05:47 {{#with (concat (lookup join (slice 0 1)))}} 19:05:47 {{#each (slice 2 3)}} 19:05:47 {{#with (apply 0 a)}} 19:05:47 {{.}} 19:05:47 {{/with}} 19:05:47 {{/each}} 19:05:47 {{/with}} 19:05:47 {{/with}} 19:05:47 {{/with}}``` 19:05:47 19:05:47 19:05:47 ## Recommendation 19:05:47 19:05:47 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:47 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:05:47 [INFO] Analysis Complete (1 seconds) 19:05:47 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:05:47 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:05:47 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:05:47 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:05:47 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:05:47 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:05:47 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:05:47 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:05:47 [INFO] 19:05:47 [INFO] ------------< org.openspcoop2:org.openspcoop2.spring-ldap >------------- 19:05:47 [INFO] Building dependencies.spring-ldap 1.0 [30/71] 19:05:47 [INFO] --------------------------------[ pom ]--------------------------------- 19:05:47 [INFO] 19:05:47 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.spring-ldap --- 19:05:47 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-ldap (includes = [*.jar], excludes = []) 19:05:47 [INFO] 19:05:47 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-ldap --- 19:05:47 [INFO] Copying spring-ldap-core-2.4.2.jar to /var/lib/jenkins/workspace/GovWay/lib/spring-ldap/spring-ldap-core-2.4.2.jar 19:05:47 [INFO] Copying spring-ldap-ldif-core-2.4.2.jar to /var/lib/jenkins/workspace/GovWay/lib/spring-ldap/spring-ldap-ldif-core-2.4.2.jar 19:05:47 [INFO] 19:05:47 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.spring-ldap --- 19:05:47 [INFO] Executing tasks 19:05:47 19:05:47 main: 19:05:52 [INFO] Executed tasks 19:05:52 [INFO] 19:05:52 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.spring-ldap --- 19:05:52 [INFO] Checking for updates 19:05:52 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:05:52 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:05:52 [INFO] Check for updates complete (80 ms) 19:05:52 [INFO] 19:05:52 19:05:52 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:05:52 19:05:52 19:05:52 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:05:52 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:05:52 19:05:52 💖 Sponsor: https://github.com/sponsors/jeremylong 19:05:52 19:05:52 19:05:52 [INFO] Analysis Started 19:05:52 [INFO] Finished Archive Analyzer (0 seconds) 19:05:52 [INFO] Finished File Name Analyzer (0 seconds) 19:05:52 [INFO] Finished Jar Analyzer (0 seconds) 19:05:52 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:05:52 [INFO] Finished Hint Analyzer (0 seconds) 19:05:52 [INFO] Finished Version Filter Analyzer (0 seconds) 19:05:53 [INFO] Created CPE Index (1 seconds) 19:05:53 [INFO] Finished CPE Analyzer (1 seconds) 19:05:53 [INFO] Finished False Positive Analyzer (0 seconds) 19:05:53 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:05:53 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:05:53 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:05:53 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:05:53 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:05:53 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:53 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:53 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:05:53 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:05:53 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:05:54 19:05:54 19:05:54 ## Recommendation 19:05:54 19:05:54 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:05:54 19:05:54 The following template can be used to demonstrate the vulnerability: 19:05:54 ```{{#with "constructor"}} 19:05:54 {{#with split as |a|}} 19:05:54 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:05:54 {{#with (concat (lookup join (slice 0 1)))}} 19:05:54 {{#each (slice 2 3)}} 19:05:54 {{#with (apply 0 a)}} 19:05:54 {{.}} 19:05:54 {{/with}} 19:05:54 {{/each}} 19:05:54 {{/with}} 19:05:54 {{/with}} 19:05:54 {{/with}}``` 19:05:54 19:05:54 19:05:54 ## Recommendation 19:05:54 19:05:54 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:05:54 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:05:54 [INFO] Analysis Complete (1 seconds) 19:05:54 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:05:54 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:05:54 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:05:54 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:05:54 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:05:54 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:05:54 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:05:54 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:05:54 [INFO] 19:05:54 [INFO] ----------< org.openspcoop2:org.openspcoop2.spring-security >----------- 19:05:54 [INFO] Building dependencies.spring-security 1.0 [31/71] 19:05:54 [INFO] --------------------------------[ pom ]--------------------------------- 19:05:54 [INFO] 19:05:54 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.spring-security --- 19:05:54 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-security (includes = [*.jar], excludes = []) 19:05:54 [INFO] 19:05:54 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-security --- 19:05:54 [INFO] Copying spring-security-config-5.8.15.jar to /var/lib/jenkins/workspace/GovWay/lib/spring-security/spring-security-config-5.8.15.jar 19:05:54 [INFO] Copying spring-security-core-5.8.15.jar to /var/lib/jenkins/workspace/GovWay/lib/spring-security/spring-security-core-5.8.15.jar 19:05:54 [INFO] Copying spring-security-web-5.8.15.jar to /var/lib/jenkins/workspace/GovWay/lib/spring-security/spring-security-web-5.8.15.jar 19:05:54 [INFO] Copying spring-security-crypto-5.8.15.jar to /var/lib/jenkins/workspace/GovWay/lib/spring-security/spring-security-crypto-5.8.15.jar 19:05:54 [INFO] 19:05:54 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.spring-security --- 19:05:54 [INFO] Executing tasks 19:05:54 19:05:54 main: 19:05:59 [INFO] Executed tasks 19:05:59 [INFO] 19:05:59 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.spring-security --- 19:05:59 [INFO] Checking for updates 19:05:59 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:05:59 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:05:59 [INFO] Check for updates complete (71 ms) 19:05:59 [INFO] 19:05:59 19:05:59 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:05:59 19:05:59 19:05:59 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:05:59 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:05:59 19:05:59 💖 Sponsor: https://github.com/sponsors/jeremylong 19:05:59 19:05:59 19:05:59 [INFO] Analysis Started 19:05:59 [INFO] Finished Archive Analyzer (0 seconds) 19:05:59 [INFO] Finished File Name Analyzer (0 seconds) 19:05:59 [INFO] Finished Jar Analyzer (0 seconds) 19:05:59 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:05:59 [INFO] Finished Hint Analyzer (0 seconds) 19:05:59 [INFO] Finished Version Filter Analyzer (0 seconds) 19:06:00 [INFO] Created CPE Index (1 seconds) 19:06:00 [INFO] Finished CPE Analyzer (1 seconds) 19:06:00 [INFO] Finished False Positive Analyzer (0 seconds) 19:06:00 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:06:00 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:06:00 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:06:00 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:06:00 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:06:00 19:06:00 19:06:00 ## Recommendation 19:06:00 19:06:00 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:06:00 19:06:00 The following template can be used to demonstrate the vulnerability: 19:06:00 ```{{#with "constructor"}} 19:06:00 {{#with split as |a|}} 19:06:00 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:06:00 {{#with (concat (lookup join (slice 0 1)))}} 19:06:00 {{#each (slice 2 3)}} 19:06:00 {{#with (apply 0 a)}} 19:06:00 {{.}} 19:06:00 {{/with}} 19:06:00 {{/each}} 19:06:00 {{/with}} 19:06:00 {{/with}} 19:06:00 {{/with}}``` 19:06:00 19:06:00 19:06:00 ## Recommendation 19:06:00 19:06:00 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:06:00 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:01 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:06:01 [INFO] Analysis Complete (1 seconds) 19:06:01 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:06:01 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:06:01 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:06:01 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:06:01 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:06:01 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:06:01 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:06:01 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:06:01 [INFO] 19:06:01 [INFO] --------------< org.openspcoop2:org.openspcoop2.swagger >--------------- 19:06:01 [INFO] Building dependencies.swagger 1.0 [32/71] 19:06:01 [INFO] --------------------------------[ pom ]--------------------------------- 19:06:01 [INFO] 19:06:01 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.swagger --- 19:06:01 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/swagger (includes = [*.jar], excludes = []) 19:06:01 [INFO] 19:06:01 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.swagger --- 19:06:01 [INFO] Copying swagger-ui-4.19.1.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-ui-4.19.1.jar 19:06:01 [INFO] Copying classgraph-4.8.149.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/classgraph-4.8.149.jar 19:06:01 [INFO] Copying swagger-annotations-2.2.4.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-annotations-2.2.4.jar 19:06:01 [INFO] Copying swagger-core-2.2.4.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-core-2.2.4.jar 19:06:01 [INFO] Copying swagger-jaxrs2-2.2.4.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-jaxrs2-2.2.4.jar 19:06:01 [INFO] Copying swagger-models-2.2.4.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-models-2.2.4.jar 19:06:01 [INFO] Copying swagger-integration-2.2.4.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-integration-2.2.4.jar 19:06:01 [INFO] Copying swagger-parser-2.1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-2.1.6.jar 19:06:01 [INFO] Copying swagger-parser-core-2.1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-core-2.1.6.jar 19:06:01 [INFO] Copying swagger-parser-v2-converter-2.1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-v2-converter-2.1.6.jar 19:06:01 [INFO] Copying swagger-parser-v3-2.1.6-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-v3-2.1.6-gov4j-1.jar 19:06:01 [INFO] Copying swagger-core-1.6.8.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-core-1.6.8.jar 19:06:01 [INFO] Copying swagger-models-1.6.8.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-models-1.6.8.jar 19:06:01 [INFO] Copying swagger-parser-1.0.63.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-1.0.63.jar 19:06:01 [INFO] Copying swagger-request-validator-core-2.30.0-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-request-validator-core-2.30.0-gov4j-2.jar 19:06:01 [INFO] 19:06:01 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.swagger --- 19:06:01 [INFO] Executing tasks 19:06:01 19:06:01 main: 19:06:06 [INFO] Executed tasks 19:06:06 [INFO] 19:06:06 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.swagger --- 19:06:06 [INFO] Checking for updates 19:06:06 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:06:06 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:06:06 [INFO] Check for updates complete (73 ms) 19:06:06 [INFO] 19:06:06 19:06:06 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:06:06 19:06:06 19:06:06 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:06:06 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:06:06 19:06:06 💖 Sponsor: https://github.com/sponsors/jeremylong 19:06:06 19:06:06 19:06:06 [INFO] Analysis Started 19:06:06 [INFO] Finished Archive Analyzer (0 seconds) 19:06:06 [INFO] Finished File Name Analyzer (0 seconds) 19:06:06 [INFO] Finished Jar Analyzer (0 seconds) 19:06:06 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:06:06 [INFO] Finished Hint Analyzer (0 seconds) 19:06:06 [INFO] Finished Version Filter Analyzer (0 seconds) 19:06:08 [INFO] Created CPE Index (1 seconds) 19:06:08 [INFO] Finished CPE Analyzer (1 seconds) 19:06:08 [INFO] Finished False Positive Analyzer (0 seconds) 19:06:08 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:06:16 [INFO] Finished RetireJS Analyzer (8 seconds) 19:06:16 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:06:16 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:06:16 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:06:16 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:06:16 19:06:16 19:06:16 ## Recommendation 19:06:16 19:06:16 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:06:16 19:06:16 The following template can be used to demonstrate the vulnerability: 19:06:16 ```{{#with "constructor"}} 19:06:16 {{#with split as |a|}} 19:06:16 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:06:16 {{#with (concat (lookup join (slice 0 1)))}} 19:06:16 {{#each (slice 2 3)}} 19:06:16 {{#with (apply 0 a)}} 19:06:16 {{.}} 19:06:16 {{/with}} 19:06:16 {{/each}} 19:06:16 {{/with}} 19:06:16 {{/with}} 19:06:16 {{/with}}``` 19:06:16 19:06:16 19:06:16 ## Recommendation 19:06:16 19:06:16 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:16 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:16 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:06:16 [INFO] Analysis Complete (10 seconds) 19:06:16 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:06:16 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:06:16 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:06:16 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:06:16 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:06:16 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:06:16 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:06:16 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:06:16 [INFO] 19:06:16 [INFO] ----------------< org.openspcoop2:org.openspcoop2.wadl >---------------- 19:06:16 [INFO] Building dependencies.wadl 1.0 [33/71] 19:06:16 [INFO] --------------------------------[ pom ]--------------------------------- 19:06:16 [INFO] 19:06:16 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.wadl --- 19:06:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wadl (includes = [*.jar], excludes = []) 19:06:16 [INFO] 19:06:16 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wadl --- 19:06:16 [INFO] Copying localizer-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/wadl/localizer-1.0.jar 19:06:16 [INFO] Copying wadl-core-1.1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/wadl/wadl-core-1.1.6.jar 19:06:16 [INFO] Copying wadl-xslt-1.1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/wadl/wadl-xslt-1.1.6.jar 19:06:16 [INFO] 19:06:16 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.wadl --- 19:06:16 [INFO] Executing tasks 19:06:16 19:06:16 main: 19:06:21 [INFO] Executed tasks 19:06:21 [INFO] 19:06:21 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.wadl --- 19:06:22 [INFO] Checking for updates 19:06:22 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:06:22 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:06:22 [INFO] Check for updates complete (75 ms) 19:06:22 [INFO] 19:06:22 19:06:22 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:06:22 19:06:22 19:06:22 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:06:22 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:06:22 19:06:22 💖 Sponsor: https://github.com/sponsors/jeremylong 19:06:22 19:06:22 19:06:22 [INFO] Analysis Started 19:06:22 [INFO] Finished Archive Analyzer (0 seconds) 19:06:22 [INFO] Finished File Name Analyzer (0 seconds) 19:06:22 [INFO] Finished Jar Analyzer (0 seconds) 19:06:22 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:06:22 [INFO] Finished Hint Analyzer (0 seconds) 19:06:22 [INFO] Finished Version Filter Analyzer (0 seconds) 19:06:23 [INFO] Created CPE Index (1 seconds) 19:06:23 [INFO] Finished CPE Analyzer (1 seconds) 19:06:23 [INFO] Finished False Positive Analyzer (0 seconds) 19:06:23 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:06:23 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:06:23 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:06:23 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:06:23 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:06:23 19:06:23 19:06:23 ## Recommendation 19:06:23 19:06:23 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:06:23 19:06:23 The following template can be used to demonstrate the vulnerability: 19:06:23 ```{{#with "constructor"}} 19:06:23 {{#with split as |a|}} 19:06:23 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:06:23 {{#with (concat (lookup join (slice 0 1)))}} 19:06:23 {{#each (slice 2 3)}} 19:06:23 {{#with (apply 0 a)}} 19:06:23 {{.}} 19:06:23 {{/with}} 19:06:23 {{/each}} 19:06:23 {{/with}} 19:06:23 {{/with}} 19:06:23 {{/with}}``` 19:06:23 19:06:23 19:06:23 ## Recommendation 19:06:23 19:06:23 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:23 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:06:23 [INFO] Analysis Complete (1 seconds) 19:06:23 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:06:23 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:06:23 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:06:23 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:06:23 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:06:23 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:06:23 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:06:23 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:06:23 [INFO] 19:06:23 [INFO] ---------------< org.openspcoop2:org.openspcoop2.wss4j >---------------- 19:06:23 [INFO] Building dependencies.wss4j 1.0 [34/71] 19:06:23 [INFO] --------------------------------[ pom ]--------------------------------- 19:06:23 [INFO] 19:06:23 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.wss4j --- 19:06:23 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wss4j (includes = [*.jar], excludes = []) 19:06:23 [INFO] 19:06:23 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wss4j --- 19:06:23 [INFO] Copying wss4j-bindings-2.4.1.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-bindings-2.4.1.jar 19:06:23 [INFO] Copying wss4j-integration-2.4.1.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-integration-2.4.1.jar 19:06:23 [INFO] Copying wss4j-policy-2.4.1.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-policy-2.4.1.jar 19:06:23 [INFO] Copying wss4j-ws-security-common-2.4.1-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-common-2.4.1-gov4j-2.jar 19:06:23 [INFO] Copying wss4j-ws-security-dom-2.4.1-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-dom-2.4.1-gov4j-2.jar 19:06:23 [INFO] Copying wss4j-ws-security-policy-stax-2.4.1.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-policy-stax-2.4.1.jar 19:06:23 [INFO] Copying wss4j-ws-security-stax-2.4.1.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-stax-2.4.1.jar 19:06:23 [INFO] 19:06:23 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.wss4j --- 19:06:23 [INFO] Executing tasks 19:06:23 19:06:23 main: 19:06:28 [INFO] Executed tasks 19:06:28 [INFO] 19:06:28 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.wss4j --- 19:06:28 [INFO] Checking for updates 19:06:28 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:06:28 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:06:28 [INFO] Check for updates complete (69 ms) 19:06:29 [INFO] 19:06:29 19:06:29 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:06:29 19:06:29 19:06:29 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:06:29 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:06:29 19:06:29 💖 Sponsor: https://github.com/sponsors/jeremylong 19:06:29 19:06:29 19:06:29 [INFO] Analysis Started 19:06:29 [INFO] Finished Archive Analyzer (0 seconds) 19:06:29 [INFO] Finished File Name Analyzer (0 seconds) 19:06:29 [INFO] Finished Jar Analyzer (0 seconds) 19:06:29 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:06:29 [INFO] Finished Hint Analyzer (0 seconds) 19:06:29 [INFO] Finished Version Filter Analyzer (0 seconds) 19:06:30 [INFO] Created CPE Index (1 seconds) 19:06:30 [INFO] Finished CPE Analyzer (1 seconds) 19:06:30 [INFO] Finished False Positive Analyzer (0 seconds) 19:06:30 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:06:30 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:06:30 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:06:30 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:06:30 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 19:06:30 19:06:30 19:06:30 ## Recommendation 19:06:30 19:06:30 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 19:06:30 19:06:30 The following template can be used to demonstrate the vulnerability: 19:06:30 ```{{#with "constructor"}} 19:06:30 {{#with split as |a|}} 19:06:30 {{pop (push "alert('Vulnerable Handlebars JS');")}} 19:06:30 {{#with (concat (lookup join (slice 0 1)))}} 19:06:30 {{#each (slice 2 3)}} 19:06:30 {{#with (apply 0 a)}} 19:06:30 {{.}} 19:06:30 {{/with}} 19:06:30 {{/each}} 19:06:30 {{/with}} 19:06:30 {{/with}} 19:06:30 {{/with}}``` 19:06:30 19:06:30 19:06:30 ## Recommendation 19:06:30 19:06:30 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 19:06:30 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:06:30 [INFO] Analysis Complete (1 seconds) 19:06:30 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:06:30 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:06:30 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:06:30 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:06:30 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:06:30 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:06:30 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:06:30 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:06:30 [INFO] 19:06:30 [INFO] -------------< org.openspcoop2:org.openspcoop2.testsuite >-------------- 19:06:30 [INFO] Building dependencies.testsuite 1.0 [35/71] 19:06:30 [INFO] --------------------------------[ pom ]--------------------------------- 19:06:30 [INFO] 19:06:30 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite --- 19:06:30 [INFO] Executing tasks 19:06:30 19:06:30 main: 19:06:35 [INFO] Executed tasks 19:06:35 [INFO] 19:06:35 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite --- 19:06:35 [INFO] Checking for updates 19:06:35 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:06:35 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:06:35 [INFO] Check for updates complete (77 ms) 19:06:36 [INFO] 19:06:36 19:06:36 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:06:36 19:06:36 19:06:36 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:06:36 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:06:36 19:06:36 💖 Sponsor: https://github.com/sponsors/jeremylong 19:06:36 19:06:36 19:06:36 [INFO] Analysis Started 19:06:36 [INFO] Finished File Name Analyzer (0 seconds) 19:06:36 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:06:36 [INFO] Finished Hint Analyzer (0 seconds) 19:06:36 [INFO] Finished Version Filter Analyzer (0 seconds) 19:06:37 [INFO] Created CPE Index (1 seconds) 19:06:37 [INFO] Finished CPE Analyzer (1 seconds) 19:06:37 [INFO] Finished False Positive Analyzer (0 seconds) 19:06:37 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:06:37 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:06:37 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:06:37 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:06:37 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:06:37 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:06:37 [INFO] Analysis Complete (1 seconds) 19:06:37 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 19:06:37 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 19:06:37 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 19:06:37 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 19:06:37 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 19:06:37 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 19:06:37 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 19:06:37 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 19:06:37 [INFO] 19:06:37 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.axis14 >---------- 19:06:37 [INFO] Building dependencies.testsuite.axis14 1.0 [36/71] 19:06:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:06:37 [INFO] 19:06:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.axis14 --- 19:06:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/axis14 (includes = [*.jar], excludes = []) 19:06:37 [INFO] 19:06:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.axis14 --- 19:06:37 [INFO] Copying axis-1.4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-1.4-gov4j-1.jar 19:06:37 [INFO] Copying axis-jaxrpc-1.4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-jaxrpc-1.4-gov4j-1.jar 19:06:37 [INFO] Copying axis-ant-1.4.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-ant-1.4.jar 19:06:37 [INFO] Copying axis-saaj-1.4.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-saaj-1.4.jar 19:06:37 [INFO] Copying mailapi-1.5.6.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/mailapi-1.5.6.jar 19:06:37 [INFO] Copying neethi-2.0.4.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/neethi-2.0.4.jar 19:06:37 [INFO] Copying opensaml-1.1.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/opensaml-1.1.jar 19:06:37 [INFO] Copying wss4j-1.5.11.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/wss4j-1.5.11.jar 19:06:37 [INFO] Copying xmlsec-1.4.4.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/xmlsec-1.4.4.jar 19:06:37 [INFO] Copying addressing-1.1.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/addressing-1.1.jar 19:06:37 [INFO] 19:06:37 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.axis14 --- 19:06:37 [INFO] Executing tasks 19:06:37 19:06:37 main: 19:06:42 [INFO] Executed tasks 19:06:42 [INFO] 19:06:42 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.axis14 --- 19:06:42 [INFO] Checking for updates 19:06:42 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:06:42 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:06:42 [INFO] Check for updates complete (77 ms) 19:06:43 [INFO] 19:06:43 19:06:43 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:06:43 19:06:43 19:06:43 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:06:43 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:06:43 19:06:43 💖 Sponsor: https://github.com/sponsors/jeremylong 19:06:43 19:06:43 19:06:43 [INFO] Analysis Started 19:06:43 [INFO] Finished File Name Analyzer (0 seconds) 19:06:43 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:06:43 [INFO] Finished Hint Analyzer (0 seconds) 19:06:43 [INFO] Finished Version Filter Analyzer (0 seconds) 19:06:44 [INFO] Created CPE Index (1 seconds) 19:06:44 [INFO] Finished CPE Analyzer (1 seconds) 19:06:44 [INFO] Finished False Positive Analyzer (0 seconds) 19:06:44 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:06:44 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:06:44 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:06:44 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:06:44 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:06:44 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:06:44 [INFO] Analysis Complete (1 seconds) 19:06:44 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 19:06:44 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 19:06:44 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 19:06:44 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 19:06:44 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 19:06:44 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 19:06:44 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 19:06:44 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 19:06:44 [INFO] 19:06:44 [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.applicationServer >----- 19:06:44 [INFO] Building dependencies.testsuite.as 1.0 [37/71] 19:06:44 [INFO] --------------------------------[ pom ]--------------------------------- 19:06:44 [INFO] 19:06:44 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer --- 19:06:44 [INFO] Executing tasks 19:06:44 19:06:44 main: 19:06:49 [INFO] Executed tasks 19:06:49 [INFO] 19:06:49 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer --- 19:06:49 [INFO] Checking for updates 19:06:49 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:06:49 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:06:49 [INFO] Check for updates complete (67 ms) 19:06:49 [INFO] 19:06:49 19:06:49 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:06:49 19:06:49 19:06:49 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:06:49 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:06:49 19:06:49 💖 Sponsor: https://github.com/sponsors/jeremylong 19:06:49 19:06:49 19:06:49 [INFO] Analysis Started 19:06:49 [INFO] Finished File Name Analyzer (0 seconds) 19:06:49 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:06:49 [INFO] Finished Hint Analyzer (0 seconds) 19:06:49 [INFO] Finished Version Filter Analyzer (0 seconds) 19:06:50 [INFO] Created CPE Index (1 seconds) 19:06:50 [INFO] Finished CPE Analyzer (1 seconds) 19:06:50 [INFO] Finished False Positive Analyzer (0 seconds) 19:06:50 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:06:50 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:06:50 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:06:50 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:06:50 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:06:50 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:06:50 [INFO] Analysis Complete (1 seconds) 19:06:50 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 19:06:50 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 19:06:50 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 19:06:50 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 19:06:50 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 19:06:50 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 19:06:50 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 19:06:50 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 19:06:50 [INFO] 19:06:50 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly8 >-- 19:06:50 [INFO] Building dependencies.testsuite.as.wildfly8 1.0 [38/71] 19:06:50 [INFO] --------------------------------[ pom ]--------------------------------- 19:06:50 [INFO] 19:06:50 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly8 --- 19:06:50 [INFO] 19:06:50 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly8 --- 19:06:50 [INFO] org.wildfly:jboss-client:jar:wf8 already exists in destination. 19:06:50 [INFO] 19:06:50 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly8 --- 19:06:50 [INFO] Executing tasks 19:06:50 19:06:50 main: 19:06:55 [INFO] Executed tasks 19:06:55 [INFO] 19:06:55 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly8 --- 19:06:56 [INFO] Checking for updates 19:06:56 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:06:56 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:06:56 [INFO] Check for updates complete (71 ms) 19:06:56 [INFO] 19:06:56 19:06:56 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:06:56 19:06:56 19:06:56 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:06:56 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:06:56 19:06:56 💖 Sponsor: https://github.com/sponsors/jeremylong 19:06:56 19:06:56 19:06:56 [INFO] Analysis Started 19:06:56 [INFO] Finished File Name Analyzer (0 seconds) 19:06:56 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:06:56 [INFO] Finished Hint Analyzer (0 seconds) 19:06:56 [INFO] Finished Version Filter Analyzer (0 seconds) 19:06:57 [INFO] Created CPE Index (1 seconds) 19:06:57 [INFO] Finished CPE Analyzer (1 seconds) 19:06:57 [INFO] Finished False Positive Analyzer (0 seconds) 19:06:57 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:06:57 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:06:57 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:06:57 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:06:57 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:06:57 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:06:57 [INFO] Analysis Complete (1 seconds) 19:06:57 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:06:57 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:06:57 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:06:57 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:06:57 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:06:57 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:06:57 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:06:57 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:06:57 [INFO] 19:06:57 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly9 >-- 19:06:57 [INFO] Building dependencies.testsuite.as.wildfly9 1.0 [39/71] 19:06:57 [INFO] --------------------------------[ pom ]--------------------------------- 19:06:57 [INFO] 19:06:57 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 19:06:57 [INFO] 19:06:57 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 19:06:57 [INFO] org.wildfly:jboss-client:jar:wf9 already exists in destination. 19:06:57 [INFO] 19:06:57 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 19:06:57 [INFO] Executing tasks 19:06:57 19:06:57 main: 19:07:02 [INFO] Executed tasks 19:07:02 [INFO] 19:07:02 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 19:07:02 [INFO] Checking for updates 19:07:03 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:07:03 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:07:03 [INFO] Check for updates complete (180 ms) 19:07:03 [INFO] 19:07:03 19:07:03 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:07:03 19:07:03 19:07:03 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:07:03 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:07:03 19:07:03 💖 Sponsor: https://github.com/sponsors/jeremylong 19:07:03 19:07:03 19:07:03 [INFO] Analysis Started 19:07:03 [INFO] Finished File Name Analyzer (0 seconds) 19:07:03 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:07:03 [INFO] Finished Hint Analyzer (0 seconds) 19:07:03 [INFO] Finished Version Filter Analyzer (0 seconds) 19:07:04 [INFO] Created CPE Index (1 seconds) 19:07:04 [INFO] Finished CPE Analyzer (1 seconds) 19:07:04 [INFO] Finished False Positive Analyzer (0 seconds) 19:07:04 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:07:04 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:07:04 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:07:04 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:07:04 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:07:04 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:07:04 [INFO] Analysis Complete (1 seconds) 19:07:04 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:07:04 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:07:04 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:07:04 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:07:04 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:07:04 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:07:04 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:07:04 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:07:05 [INFO] 19:07:05 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly10 >-- 19:07:05 [INFO] Building dependencies.testsuite.as.wildfly10 1.0 [40/71] 19:07:05 [INFO] --------------------------------[ pom ]--------------------------------- 19:07:05 [INFO] 19:07:05 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 19:07:05 [INFO] 19:07:05 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 19:07:05 [INFO] org.wildfly:jboss-client:jar:wf10 already exists in destination. 19:07:05 [INFO] 19:07:05 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 19:07:05 [INFO] Executing tasks 19:07:05 19:07:05 main: 19:07:10 [INFO] Executed tasks 19:07:10 [INFO] 19:07:10 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 19:07:10 [INFO] Checking for updates 19:07:10 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:07:10 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:07:10 [INFO] Check for updates complete (82 ms) 19:07:10 [INFO] 19:07:10 19:07:10 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:07:10 19:07:10 19:07:10 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:07:10 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:07:10 19:07:10 💖 Sponsor: https://github.com/sponsors/jeremylong 19:07:10 19:07:10 19:07:10 [INFO] Analysis Started 19:07:10 [INFO] Finished File Name Analyzer (0 seconds) 19:07:10 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:07:10 [INFO] Finished Hint Analyzer (0 seconds) 19:07:10 [INFO] Finished Version Filter Analyzer (0 seconds) 19:07:12 [INFO] Created CPE Index (1 seconds) 19:07:12 [INFO] Finished CPE Analyzer (1 seconds) 19:07:12 [INFO] Finished False Positive Analyzer (0 seconds) 19:07:12 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:07:12 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:07:12 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:07:12 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:07:12 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:07:12 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:07:12 [INFO] Analysis Complete (1 seconds) 19:07:12 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:07:12 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:07:12 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:07:12 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:07:12 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:07:12 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:07:12 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:07:12 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:07:12 [INFO] 19:07:12 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly11 >-- 19:07:12 [INFO] Building dependencies.testsuite.as.wildfly11 1.0 [41/71] 19:07:12 [INFO] --------------------------------[ pom ]--------------------------------- 19:07:12 [INFO] 19:07:12 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly11 --- 19:07:12 [INFO] 19:07:12 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly11 --- 19:07:12 [INFO] org.wildfly:jboss-client:jar:wf11 already exists in destination. 19:07:12 [INFO] 19:07:12 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly11 --- 19:07:12 [INFO] Executing tasks 19:07:12 19:07:12 main: 19:07:17 [INFO] Executed tasks 19:07:17 [INFO] 19:07:17 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly11 --- 19:07:17 [INFO] Checking for updates 19:07:17 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:07:17 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:07:17 [INFO] Check for updates complete (70 ms) 19:07:17 [INFO] 19:07:17 19:07:17 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:07:17 19:07:17 19:07:17 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:07:17 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:07:17 19:07:17 💖 Sponsor: https://github.com/sponsors/jeremylong 19:07:17 19:07:17 19:07:17 [INFO] Analysis Started 19:07:17 [INFO] Finished File Name Analyzer (0 seconds) 19:07:17 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:07:17 [INFO] Finished Hint Analyzer (0 seconds) 19:07:17 [INFO] Finished Version Filter Analyzer (0 seconds) 19:07:18 [INFO] Created CPE Index (1 seconds) 19:07:18 [INFO] Finished CPE Analyzer (1 seconds) 19:07:18 [INFO] Finished False Positive Analyzer (0 seconds) 19:07:18 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:07:18 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:07:18 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:07:18 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:07:18 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:07:18 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:07:18 [INFO] Analysis Complete (1 seconds) 19:07:18 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:07:18 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:07:18 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:07:18 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:07:18 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:07:18 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:07:18 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:07:18 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:07:18 [INFO] 19:07:18 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly12 >-- 19:07:18 [INFO] Building dependencies.testsuite.as.wildfly12 1.0 [42/71] 19:07:18 [INFO] --------------------------------[ pom ]--------------------------------- 19:07:18 [INFO] 19:07:18 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly12 --- 19:07:18 [INFO] 19:07:18 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly12 --- 19:07:18 [INFO] org.wildfly:jboss-client:jar:wf12 already exists in destination. 19:07:18 [INFO] javax.json:javax.json-api:jar:1.1.2 already exists in destination. 19:07:18 [INFO] 19:07:18 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly12 --- 19:07:18 [INFO] Executing tasks 19:07:18 19:07:18 main: 19:07:23 [INFO] Executed tasks 19:07:23 [INFO] 19:07:23 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly12 --- 19:07:24 [INFO] Checking for updates 19:07:24 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:07:24 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:07:24 [INFO] Check for updates complete (68 ms) 19:07:24 [INFO] 19:07:24 19:07:24 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:07:24 19:07:24 19:07:24 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:07:24 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:07:24 19:07:24 💖 Sponsor: https://github.com/sponsors/jeremylong 19:07:24 19:07:24 19:07:24 [INFO] Analysis Started 19:07:24 [INFO] Finished File Name Analyzer (0 seconds) 19:07:24 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:07:24 [INFO] Finished Hint Analyzer (0 seconds) 19:07:24 [INFO] Finished Version Filter Analyzer (0 seconds) 19:07:25 [INFO] Created CPE Index (1 seconds) 19:07:25 [INFO] Finished CPE Analyzer (1 seconds) 19:07:25 [INFO] Finished False Positive Analyzer (0 seconds) 19:07:25 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:07:25 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:07:25 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:07:25 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:07:25 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:07:25 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:07:25 [INFO] Analysis Complete (1 seconds) 19:07:25 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:07:25 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:07:25 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:07:25 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:07:25 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:07:25 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:07:25 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:07:25 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:07:25 [INFO] 19:07:25 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly13 >-- 19:07:25 [INFO] Building dependencies.testsuite.as.wildfly13 1.0 [43/71] 19:07:25 [INFO] --------------------------------[ pom ]--------------------------------- 19:07:25 [INFO] 19:07:25 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly13 --- 19:07:25 [INFO] 19:07:25 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly13 --- 19:07:25 [INFO] org.wildfly:jboss-client:jar:wf13 already exists in destination. 19:07:25 [INFO] javax.json:javax.json-api:jar:1.1.2 already exists in destination. 19:07:25 [INFO] 19:07:25 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly13 --- 19:07:25 [INFO] Executing tasks 19:07:25 19:07:25 main: 19:07:30 [INFO] Executed tasks 19:07:30 [INFO] 19:07:30 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly13 --- 19:07:31 [INFO] Checking for updates 19:07:31 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:07:31 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:07:31 [INFO] Check for updates complete (68 ms) 19:07:31 [INFO] 19:07:31 19:07:31 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:07:31 19:07:31 19:07:31 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:07:31 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:07:31 19:07:31 💖 Sponsor: https://github.com/sponsors/jeremylong 19:07:31 19:07:31 19:07:31 [INFO] Analysis Started 19:07:31 [INFO] Finished File Name Analyzer (0 seconds) 19:07:31 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:07:31 [INFO] Finished Hint Analyzer (0 seconds) 19:07:31 [INFO] Finished Version Filter Analyzer (0 seconds) 19:07:32 [INFO] Created CPE Index (1 seconds) 19:07:32 [INFO] Finished CPE Analyzer (1 seconds) 19:07:32 [INFO] Finished False Positive Analyzer (0 seconds) 19:07:32 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:07:32 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:07:32 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:07:32 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:07:32 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:07:32 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:07:32 [INFO] Analysis Complete (1 seconds) 19:07:32 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:07:32 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:07:32 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:07:32 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:07:32 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:07:32 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:07:32 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:07:32 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:07:32 [INFO] 19:07:32 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly14 >-- 19:07:32 [INFO] Building dependencies.testsuite.as.wildfly14 1.0 [44/71] 19:07:32 [INFO] --------------------------------[ pom ]--------------------------------- 19:07:32 [INFO] 19:07:32 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly14 --- 19:07:32 [INFO] 19:07:32 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly14 --- 19:07:32 [INFO] org.wildfly:jboss-client:jar:wf14 already exists in destination. 19:07:32 [INFO] 19:07:32 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly14 --- 19:07:32 [INFO] Executing tasks 19:07:32 19:07:32 main: 19:07:37 [INFO] Executed tasks 19:07:37 [INFO] 19:07:37 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly14 --- 19:07:37 [INFO] Checking for updates 19:07:37 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:07:37 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:07:37 [INFO] Check for updates complete (71 ms) 19:07:38 [INFO] 19:07:38 19:07:38 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:07:38 19:07:38 19:07:38 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:07:38 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:07:38 19:07:38 💖 Sponsor: https://github.com/sponsors/jeremylong 19:07:38 19:07:38 19:07:38 [INFO] Analysis Started 19:07:38 [INFO] Finished File Name Analyzer (0 seconds) 19:07:38 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:07:38 [INFO] Finished Hint Analyzer (0 seconds) 19:07:38 [INFO] Finished Version Filter Analyzer (0 seconds) 19:07:39 [INFO] Created CPE Index (1 seconds) 19:07:39 [INFO] Finished CPE Analyzer (1 seconds) 19:07:39 [INFO] Finished False Positive Analyzer (0 seconds) 19:07:39 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:07:39 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:07:39 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:07:39 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:07:39 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:07:39 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:07:39 [INFO] Analysis Complete (1 seconds) 19:07:39 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:07:39 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:07:39 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:07:39 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:07:39 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:07:39 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:07:39 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:07:39 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:07:39 [INFO] 19:07:39 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly15 >-- 19:07:39 [INFO] Building dependencies.testsuite.as.wildfly15 1.0 [45/71] 19:07:39 [INFO] --------------------------------[ pom ]--------------------------------- 19:07:39 [INFO] 19:07:39 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly15 --- 19:07:39 [INFO] 19:07:39 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly15 --- 19:07:39 [INFO] org.wildfly:jboss-client:jar:wf15 already exists in destination. 19:07:39 [INFO] 19:07:39 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly15 --- 19:07:39 [INFO] Executing tasks 19:07:39 19:07:39 main: 19:07:44 [INFO] Executed tasks 19:07:44 [INFO] 19:07:44 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly15 --- 19:07:44 [INFO] Checking for updates 19:07:44 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:07:44 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:07:44 [INFO] Check for updates complete (73 ms) 19:07:44 [INFO] 19:07:44 19:07:44 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:07:44 19:07:44 19:07:44 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:07:44 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:07:44 19:07:44 💖 Sponsor: https://github.com/sponsors/jeremylong 19:07:44 19:07:44 19:07:44 [INFO] Analysis Started 19:07:44 [INFO] Finished File Name Analyzer (0 seconds) 19:07:44 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:07:44 [INFO] Finished Hint Analyzer (0 seconds) 19:07:44 [INFO] Finished Version Filter Analyzer (0 seconds) 19:07:46 [INFO] Created CPE Index (1 seconds) 19:07:46 [INFO] Finished CPE Analyzer (1 seconds) 19:07:46 [INFO] Finished False Positive Analyzer (0 seconds) 19:07:46 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:07:46 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:07:46 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:07:46 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:07:46 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:07:46 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:07:46 [INFO] Analysis Complete (1 seconds) 19:07:46 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:07:46 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:07:46 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:07:46 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:07:46 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:07:46 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:07:46 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:07:46 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:07:46 [INFO] 19:07:46 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly16 >-- 19:07:46 [INFO] Building dependencies.testsuite.as.wildfly16 1.0 [46/71] 19:07:46 [INFO] --------------------------------[ pom ]--------------------------------- 19:07:46 [INFO] 19:07:46 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly16 --- 19:07:46 [INFO] 19:07:46 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly16 --- 19:07:46 [INFO] org.wildfly:jboss-client:jar:wf16 already exists in destination. 19:07:46 [INFO] 19:07:46 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly16 --- 19:07:46 [INFO] Executing tasks 19:07:46 19:07:46 main: 19:07:51 [INFO] Executed tasks 19:07:51 [INFO] 19:07:51 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly16 --- 19:07:51 [INFO] Checking for updates 19:07:51 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:07:51 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:07:51 [INFO] Check for updates complete (71 ms) 19:07:51 [INFO] 19:07:51 19:07:51 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:07:51 19:07:51 19:07:51 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:07:51 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:07:51 19:07:51 💖 Sponsor: https://github.com/sponsors/jeremylong 19:07:51 19:07:51 19:07:51 [INFO] Analysis Started 19:07:51 [INFO] Finished File Name Analyzer (0 seconds) 19:07:51 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:07:51 [INFO] Finished Hint Analyzer (0 seconds) 19:07:51 [INFO] Finished Version Filter Analyzer (0 seconds) 19:07:52 [INFO] Created CPE Index (1 seconds) 19:07:52 [INFO] Finished CPE Analyzer (1 seconds) 19:07:52 [INFO] Finished False Positive Analyzer (0 seconds) 19:07:52 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:07:52 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:07:52 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:07:52 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:07:52 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:07:52 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:07:52 [INFO] Analysis Complete (1 seconds) 19:07:52 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:07:52 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:07:52 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:07:52 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:07:52 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:07:52 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:07:52 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:07:52 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:07:52 [INFO] 19:07:52 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly17 >-- 19:07:52 [INFO] Building dependencies.testsuite.as.wildfly17 1.0 [47/71] 19:07:52 [INFO] --------------------------------[ pom ]--------------------------------- 19:07:52 [INFO] 19:07:52 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly17 --- 19:07:52 [INFO] 19:07:52 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly17 --- 19:07:52 [INFO] org.wildfly:jboss-client:jar:wf17 already exists in destination. 19:07:52 [INFO] 19:07:52 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly17 --- 19:07:52 [INFO] Executing tasks 19:07:52 19:07:52 main: 19:07:57 [INFO] Executed tasks 19:07:57 [INFO] 19:07:57 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly17 --- 19:07:57 [INFO] Checking for updates 19:07:57 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:07:57 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:07:57 [INFO] Check for updates complete (68 ms) 19:07:58 [INFO] 19:07:58 19:07:58 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:07:58 19:07:58 19:07:58 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:07:58 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:07:58 19:07:58 💖 Sponsor: https://github.com/sponsors/jeremylong 19:07:58 19:07:58 19:07:58 [INFO] Analysis Started 19:07:58 [INFO] Finished File Name Analyzer (0 seconds) 19:07:58 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:07:58 [INFO] Finished Hint Analyzer (0 seconds) 19:07:58 [INFO] Finished Version Filter Analyzer (0 seconds) 19:07:59 [INFO] Created CPE Index (0 seconds) 19:07:59 [INFO] Finished CPE Analyzer (1 seconds) 19:07:59 [INFO] Finished False Positive Analyzer (0 seconds) 19:07:59 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:07:59 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:07:59 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:07:59 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:07:59 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:07:59 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:07:59 [INFO] Analysis Complete (1 seconds) 19:07:59 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:07:59 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:07:59 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:07:59 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:07:59 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:07:59 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:07:59 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:07:59 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:07:59 [INFO] 19:07:59 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly18 >-- 19:07:59 [INFO] Building dependencies.testsuite.as.wildfly18 1.0 [48/71] 19:07:59 [INFO] --------------------------------[ pom ]--------------------------------- 19:07:59 [INFO] 19:07:59 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly18 --- 19:07:59 [INFO] 19:07:59 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly18 --- 19:07:59 [INFO] org.wildfly:jboss-client:jar:wf18 already exists in destination. 19:07:59 [INFO] 19:07:59 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly18 --- 19:07:59 [INFO] Executing tasks 19:07:59 19:07:59 main: 19:08:04 [INFO] Executed tasks 19:08:04 [INFO] 19:08:04 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly18 --- 19:08:04 [INFO] Checking for updates 19:08:04 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:08:04 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:08:04 [INFO] Check for updates complete (145 ms) 19:08:04 [INFO] 19:08:04 19:08:04 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:08:04 19:08:04 19:08:04 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:08:04 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:08:04 19:08:04 💖 Sponsor: https://github.com/sponsors/jeremylong 19:08:04 19:08:04 19:08:04 [INFO] Analysis Started 19:08:04 [INFO] Finished File Name Analyzer (0 seconds) 19:08:04 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:08:04 [INFO] Finished Hint Analyzer (0 seconds) 19:08:04 [INFO] Finished Version Filter Analyzer (0 seconds) 19:08:05 [INFO] Created CPE Index (1 seconds) 19:08:06 [INFO] Finished CPE Analyzer (1 seconds) 19:08:06 [INFO] Finished False Positive Analyzer (0 seconds) 19:08:06 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:08:06 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:08:06 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:08:06 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:08:06 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:08:06 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:08:06 [INFO] Analysis Complete (1 seconds) 19:08:06 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:08:06 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:08:06 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:08:06 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:08:06 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:08:06 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:08:06 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:08:06 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:08:06 [INFO] 19:08:06 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly19 >-- 19:08:06 [INFO] Building dependencies.testsuite.as.wildfly19 1.0 [49/71] 19:08:06 [INFO] --------------------------------[ pom ]--------------------------------- 19:08:06 [INFO] 19:08:06 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly19 --- 19:08:06 [INFO] 19:08:06 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly19 --- 19:08:06 [INFO] org.wildfly:jboss-client:jar:wf19 already exists in destination. 19:08:06 [INFO] 19:08:06 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly19 --- 19:08:06 [INFO] Executing tasks 19:08:06 19:08:06 main: 19:08:11 [INFO] Executed tasks 19:08:11 [INFO] 19:08:11 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly19 --- 19:08:11 [INFO] Checking for updates 19:08:11 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:08:11 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:08:11 [INFO] Check for updates complete (67 ms) 19:08:11 [INFO] 19:08:11 19:08:11 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:08:11 19:08:11 19:08:11 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:08:11 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:08:11 19:08:11 💖 Sponsor: https://github.com/sponsors/jeremylong 19:08:11 19:08:11 19:08:11 [INFO] Analysis Started 19:08:11 [INFO] Finished File Name Analyzer (0 seconds) 19:08:11 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:08:11 [INFO] Finished Hint Analyzer (0 seconds) 19:08:11 [INFO] Finished Version Filter Analyzer (0 seconds) 19:08:12 [INFO] Created CPE Index (1 seconds) 19:08:12 [INFO] Finished CPE Analyzer (1 seconds) 19:08:12 [INFO] Finished False Positive Analyzer (0 seconds) 19:08:12 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:08:12 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:08:12 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:08:12 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:08:12 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:08:12 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:08:12 [INFO] Analysis Complete (1 seconds) 19:08:12 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:08:12 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:08:12 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:08:12 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:08:12 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:08:12 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:08:12 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:08:12 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:08:12 [INFO] 19:08:12 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly20 >-- 19:08:12 [INFO] Building dependencies.testsuite.as.wildfly20 1.0 [50/71] 19:08:12 [INFO] --------------------------------[ pom ]--------------------------------- 19:08:12 [INFO] 19:08:12 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly20 --- 19:08:12 [INFO] 19:08:12 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly20 --- 19:08:12 [INFO] org.wildfly:jboss-client:jar:wf20 already exists in destination. 19:08:12 [INFO] 19:08:12 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly20 --- 19:08:12 [INFO] Executing tasks 19:08:12 19:08:12 main: 19:08:17 [INFO] Executed tasks 19:08:17 [INFO] 19:08:17 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly20 --- 19:08:17 [INFO] Checking for updates 19:08:17 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:08:17 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:08:17 [INFO] Check for updates complete (67 ms) 19:08:18 [INFO] 19:08:18 19:08:18 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:08:18 19:08:18 19:08:18 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:08:18 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:08:18 19:08:18 💖 Sponsor: https://github.com/sponsors/jeremylong 19:08:18 19:08:18 19:08:18 [INFO] Analysis Started 19:08:18 [INFO] Finished File Name Analyzer (0 seconds) 19:08:18 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:08:18 [INFO] Finished Hint Analyzer (0 seconds) 19:08:18 [INFO] Finished Version Filter Analyzer (0 seconds) 19:08:19 [INFO] Created CPE Index (1 seconds) 19:08:19 [INFO] Finished CPE Analyzer (1 seconds) 19:08:19 [INFO] Finished False Positive Analyzer (0 seconds) 19:08:19 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:08:19 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:08:19 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:08:19 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:08:19 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:08:19 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:08:19 [INFO] Analysis Complete (1 seconds) 19:08:19 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:08:19 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:08:19 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:08:19 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:08:19 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:08:19 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:08:19 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:08:19 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:08:19 [INFO] 19:08:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly21 >-- 19:08:19 [INFO] Building dependencies.testsuite.as.wildfly21 1.0 [51/71] 19:08:19 [INFO] --------------------------------[ pom ]--------------------------------- 19:08:19 [INFO] 19:08:19 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly21 --- 19:08:19 [INFO] 19:08:19 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly21 --- 19:08:19 [INFO] org.wildfly:jboss-client:jar:wf21 already exists in destination. 19:08:19 [INFO] 19:08:19 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly21 --- 19:08:19 [INFO] Executing tasks 19:08:19 19:08:19 main: 19:08:24 [INFO] Executed tasks 19:08:24 [INFO] 19:08:24 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly21 --- 19:08:24 [INFO] Checking for updates 19:08:24 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:08:24 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:08:24 [INFO] Check for updates complete (84 ms) 19:08:25 [INFO] 19:08:25 19:08:25 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:08:25 19:08:25 19:08:25 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:08:25 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:08:25 19:08:25 💖 Sponsor: https://github.com/sponsors/jeremylong 19:08:25 19:08:25 19:08:25 [INFO] Analysis Started 19:08:25 [INFO] Finished File Name Analyzer (0 seconds) 19:08:25 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:08:25 [INFO] Finished Hint Analyzer (0 seconds) 19:08:25 [INFO] Finished Version Filter Analyzer (0 seconds) 19:08:26 [INFO] Created CPE Index (1 seconds) 19:08:26 [INFO] Finished CPE Analyzer (1 seconds) 19:08:26 [INFO] Finished False Positive Analyzer (0 seconds) 19:08:26 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:08:26 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:08:26 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:08:26 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:08:26 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:08:26 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:08:26 [INFO] Analysis Complete (1 seconds) 19:08:26 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:08:26 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:08:26 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:08:26 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:08:26 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:08:26 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:08:26 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:08:26 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:08:26 [INFO] 19:08:26 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly22 >-- 19:08:26 [INFO] Building dependencies.testsuite.as.wildfly22 1.0 [52/71] 19:08:26 [INFO] --------------------------------[ pom ]--------------------------------- 19:08:26 [INFO] 19:08:26 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly22 --- 19:08:26 [INFO] 19:08:26 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly22 --- 19:08:26 [INFO] org.wildfly:jboss-client:jar:wf22 already exists in destination. 19:08:26 [INFO] 19:08:26 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly22 --- 19:08:26 [INFO] Executing tasks 19:08:26 19:08:26 main: 19:08:31 [INFO] Executed tasks 19:08:31 [INFO] 19:08:31 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly22 --- 19:08:31 [INFO] Checking for updates 19:08:31 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:08:31 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:08:31 [INFO] Check for updates complete (65 ms) 19:08:31 [INFO] 19:08:31 19:08:31 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:08:31 19:08:31 19:08:31 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:08:31 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:08:31 19:08:31 💖 Sponsor: https://github.com/sponsors/jeremylong 19:08:31 19:08:31 19:08:31 [INFO] Analysis Started 19:08:31 [INFO] Finished File Name Analyzer (0 seconds) 19:08:31 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:08:31 [INFO] Finished Hint Analyzer (0 seconds) 19:08:31 [INFO] Finished Version Filter Analyzer (0 seconds) 19:08:32 [INFO] Created CPE Index (0 seconds) 19:08:32 [INFO] Finished CPE Analyzer (1 seconds) 19:08:32 [INFO] Finished False Positive Analyzer (0 seconds) 19:08:32 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:08:32 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:08:32 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:08:32 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:08:32 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:08:32 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:08:32 [INFO] Analysis Complete (1 seconds) 19:08:32 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:08:32 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:08:32 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:08:32 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:08:32 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:08:32 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:08:32 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:08:32 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:08:32 [INFO] 19:08:32 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly23 >-- 19:08:32 [INFO] Building dependencies.testsuite.as.wildfly23 1.0 [53/71] 19:08:32 [INFO] --------------------------------[ pom ]--------------------------------- 19:08:32 [INFO] 19:08:32 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly23 --- 19:08:32 [INFO] 19:08:32 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly23 --- 19:08:32 [INFO] org.wildfly:jboss-client:jar:wf23 already exists in destination. 19:08:32 [INFO] 19:08:32 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly23 --- 19:08:32 [INFO] Executing tasks 19:08:32 19:08:32 main: 19:08:37 [INFO] Executed tasks 19:08:37 [INFO] 19:08:37 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly23 --- 19:08:37 [INFO] Checking for updates 19:08:37 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:08:37 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:08:37 [INFO] Check for updates complete (77 ms) 19:08:38 [INFO] 19:08:38 19:08:38 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:08:38 19:08:38 19:08:38 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:08:38 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:08:38 19:08:38 💖 Sponsor: https://github.com/sponsors/jeremylong 19:08:38 19:08:38 19:08:38 [INFO] Analysis Started 19:08:38 [INFO] Finished File Name Analyzer (0 seconds) 19:08:38 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:08:38 [INFO] Finished Hint Analyzer (0 seconds) 19:08:38 [INFO] Finished Version Filter Analyzer (0 seconds) 19:08:39 [INFO] Created CPE Index (1 seconds) 19:08:39 [INFO] Finished CPE Analyzer (1 seconds) 19:08:39 [INFO] Finished False Positive Analyzer (0 seconds) 19:08:39 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:08:39 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:08:39 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:08:39 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:08:39 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:08:39 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:08:39 [INFO] Analysis Complete (1 seconds) 19:08:39 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:08:39 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:08:39 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:08:39 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:08:39 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:08:39 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:08:39 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:08:39 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:08:39 [INFO] 19:08:39 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly24 >-- 19:08:39 [INFO] Building dependencies.testsuite.as.wildfly24 1.0 [54/71] 19:08:39 [INFO] --------------------------------[ pom ]--------------------------------- 19:08:39 [INFO] 19:08:39 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly24 --- 19:08:39 [INFO] 19:08:39 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly24 --- 19:08:39 [INFO] org.wildfly:jboss-client:jar:wf24 already exists in destination. 19:08:39 [INFO] 19:08:39 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly24 --- 19:08:39 [INFO] Executing tasks 19:08:39 19:08:39 main: 19:08:44 [INFO] Executed tasks 19:08:44 [INFO] 19:08:44 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly24 --- 19:08:44 [INFO] Checking for updates 19:08:44 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:08:44 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:08:44 [INFO] Check for updates complete (80 ms) 19:08:44 [INFO] 19:08:44 19:08:44 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:08:44 19:08:44 19:08:44 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:08:44 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:08:44 19:08:44 💖 Sponsor: https://github.com/sponsors/jeremylong 19:08:44 19:08:44 19:08:44 [INFO] Analysis Started 19:08:44 [INFO] Finished File Name Analyzer (0 seconds) 19:08:44 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:08:44 [INFO] Finished Hint Analyzer (0 seconds) 19:08:44 [INFO] Finished Version Filter Analyzer (0 seconds) 19:08:46 [INFO] Created CPE Index (1 seconds) 19:08:46 [INFO] Finished CPE Analyzer (1 seconds) 19:08:46 [INFO] Finished False Positive Analyzer (0 seconds) 19:08:46 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:08:46 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:08:46 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:08:46 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:08:46 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:08:46 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:08:46 [INFO] Analysis Complete (1 seconds) 19:08:46 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:08:46 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:08:46 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:08:46 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:08:46 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:08:46 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:08:46 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:08:46 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:08:46 [INFO] 19:08:46 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly25 >-- 19:08:46 [INFO] Building dependencies.testsuite.as.wildfly25 1.0 [55/71] 19:08:46 [INFO] --------------------------------[ pom ]--------------------------------- 19:08:46 [INFO] 19:08:46 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly25 --- 19:08:46 [INFO] 19:08:46 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly25 --- 19:08:46 [INFO] org.wildfly:jboss-client:jar:wf25 already exists in destination. 19:08:46 [INFO] 19:08:46 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly25 --- 19:08:46 [INFO] Executing tasks 19:08:46 19:08:46 main: 19:08:51 [INFO] Executed tasks 19:08:51 [INFO] 19:08:51 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly25 --- 19:08:51 [INFO] Checking for updates 19:08:51 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:08:51 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:08:51 [INFO] Check for updates complete (69 ms) 19:08:51 [INFO] 19:08:51 19:08:51 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:08:51 19:08:51 19:08:51 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:08:51 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:08:51 19:08:51 💖 Sponsor: https://github.com/sponsors/jeremylong 19:08:51 19:08:51 19:08:51 [INFO] Analysis Started 19:08:51 [INFO] Finished File Name Analyzer (0 seconds) 19:08:51 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:08:51 [INFO] Finished Hint Analyzer (0 seconds) 19:08:51 [INFO] Finished Version Filter Analyzer (0 seconds) 19:08:52 [INFO] Created CPE Index (1 seconds) 19:08:52 [INFO] Finished CPE Analyzer (1 seconds) 19:08:52 [INFO] Finished False Positive Analyzer (0 seconds) 19:08:52 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:08:52 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:08:52 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:08:52 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:08:52 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:08:52 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:08:52 [INFO] Analysis Complete (1 seconds) 19:08:52 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:08:52 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:08:52 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:08:52 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:08:52 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:08:52 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:08:52 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:08:52 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:08:53 [INFO] 19:08:53 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly26 >-- 19:08:53 [INFO] Building dependencies.testsuite.as.wildfly26 1.0 [56/71] 19:08:53 [INFO] --------------------------------[ pom ]--------------------------------- 19:08:53 [INFO] 19:08:53 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly26 --- 19:08:53 [INFO] 19:08:53 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly26 --- 19:08:53 [INFO] org.wildfly:jboss-client:jar:wf26 already exists in destination. 19:08:53 [INFO] 19:08:53 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly26 --- 19:08:53 [INFO] Executing tasks 19:08:53 19:08:53 main: 19:08:58 [INFO] Executed tasks 19:08:58 [INFO] 19:08:58 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly26 --- 19:08:58 [INFO] Checking for updates 19:08:58 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:08:58 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:08:58 [INFO] Check for updates complete (65 ms) 19:08:58 [INFO] 19:08:58 19:08:58 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:08:58 19:08:58 19:08:58 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:08:58 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:08:58 19:08:58 💖 Sponsor: https://github.com/sponsors/jeremylong 19:08:58 19:08:58 19:08:58 [INFO] Analysis Started 19:08:58 [INFO] Finished File Name Analyzer (0 seconds) 19:08:58 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:08:58 [INFO] Finished Hint Analyzer (0 seconds) 19:08:58 [INFO] Finished Version Filter Analyzer (0 seconds) 19:08:59 [INFO] Created CPE Index (1 seconds) 19:08:59 [INFO] Finished CPE Analyzer (1 seconds) 19:08:59 [INFO] Finished False Positive Analyzer (0 seconds) 19:08:59 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:08:59 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:08:59 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:08:59 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:08:59 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:08:59 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:08:59 [INFO] Analysis Complete (1 seconds) 19:08:59 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:08:59 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:08:59 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:08:59 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:08:59 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:08:59 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:08:59 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:08:59 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:08:59 [INFO] 19:08:59 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat9 >-- 19:08:59 [INFO] Building dependencies.testsuite.as.tomcat9 1.0 [57/71] 19:08:59 [INFO] --------------------------------[ pom ]--------------------------------- 19:08:59 [INFO] 19:08:59 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat9 --- 19:08:59 [INFO] 19:08:59 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat9 --- 19:08:59 [INFO] org.apache.tomcat:tomcat-catalina:jar:9.0.83 already exists in destination. 19:08:59 [INFO] org.apache.tomcat:tomcat-juli:jar:9.0.83 already exists in destination. 19:08:59 [INFO] 19:08:59 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.tomcat9 --- 19:08:59 [INFO] Executing tasks 19:08:59 19:08:59 main: 19:09:04 [INFO] Executed tasks 19:09:04 [INFO] 19:09:04 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.tomcat9 --- 19:09:04 [INFO] Checking for updates 19:09:04 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:09:04 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:09:04 [INFO] Check for updates complete (76 ms) 19:09:05 [INFO] 19:09:05 19:09:05 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:09:05 19:09:05 19:09:05 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:09:05 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:09:05 19:09:05 💖 Sponsor: https://github.com/sponsors/jeremylong 19:09:05 19:09:05 19:09:05 [INFO] Analysis Started 19:09:05 [INFO] Finished File Name Analyzer (0 seconds) 19:09:05 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:09:05 [INFO] Finished Hint Analyzer (0 seconds) 19:09:05 [INFO] Finished Version Filter Analyzer (0 seconds) 19:09:06 [INFO] Created CPE Index (1 seconds) 19:09:06 [INFO] Finished CPE Analyzer (1 seconds) 19:09:06 [INFO] Finished False Positive Analyzer (0 seconds) 19:09:06 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:09:06 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:09:06 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:09:06 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:09:06 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:09:06 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:09:06 [INFO] Analysis Complete (1 seconds) 19:09:06 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 19:09:06 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 19:09:06 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 19:09:06 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 19:09:06 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 19:09:06 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 19:09:06 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 19:09:06 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 19:09:06 [INFO] 19:09:06 [INFO] -----------< org.openspcoop2:org.openspcoop2.testsuite.test >----------- 19:09:06 [INFO] Building dependencies.testsuite.test 1.0 [58/71] 19:09:06 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:06 [INFO] 19:09:06 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.test --- 19:09:06 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite (includes = [*.jar], excludes = []) 19:09:06 [INFO] 19:09:06 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test --- 19:09:06 [INFO] Copying jcommander-1.82.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/jcommander-1.82.jar 19:09:06 [INFO] Copying guice-5.1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/guice-5.1.0.jar 19:09:06 [INFO] Copying jquery-3.6.1.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/jquery-3.6.1.jar 19:09:06 [INFO] Copying testng-7.8.0.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/testng-7.8.0.jar 19:09:06 [INFO] Copying junit-4.13.2.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/junit-4.13.2.jar 19:09:06 [INFO] Copying karate-apache-0.9.6.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/karate-apache-0.9.6.jar 19:09:06 [INFO] Copying karate-core-0.9.6.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/karate-core-0.9.6.jar 19:09:06 [INFO] Copying karate-junit4-0.9.6.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/karate-junit4-0.9.6.jar 19:09:06 [INFO] Copying hamcrest-core-1.3.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/hamcrest-core-1.3.jar 19:09:06 [INFO] Copying picocli-4.2.0.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/picocli-4.2.0.jar 19:09:06 [INFO] Copying logback-classic-1.4.14.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/logback-classic-1.4.14.jar 19:09:06 [INFO] Copying logback-core-1.4.14.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/logback-core-1.4.14.jar 19:09:06 [INFO] Copying spring-jdbc-5.3.39.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring-jdbc-5.3.39.jar 19:09:06 [INFO] Copying spring-ldap-test-2.4.2.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring-ldap-test-2.4.2.jar 19:09:06 [INFO] Copying apacheds-all-2.0.0.AM27-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/apacheds-all-2.0.0.AM27-gov4j-1.jar 19:09:06 [INFO] Copying slf4j-testng-2.0.0.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/slf4j-testng-2.0.0.jar 19:09:06 [INFO] 19:09:06 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test --- 19:09:06 [INFO] Executing tasks 19:09:06 19:09:06 main: 19:09:11 [INFO] Executed tasks 19:09:11 [INFO] 19:09:11 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.test --- 19:09:11 [INFO] Checking for updates 19:09:11 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:09:11 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:09:11 [INFO] Check for updates complete (101 ms) 19:09:11 [INFO] 19:09:11 19:09:11 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:09:11 19:09:11 19:09:11 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:09:11 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:09:11 19:09:11 💖 Sponsor: https://github.com/sponsors/jeremylong 19:09:11 19:09:11 19:09:11 [INFO] Analysis Started 19:09:11 [INFO] Finished File Name Analyzer (0 seconds) 19:09:11 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:09:11 [INFO] Finished Hint Analyzer (0 seconds) 19:09:11 [INFO] Finished Version Filter Analyzer (0 seconds) 19:09:12 [INFO] Created CPE Index (1 seconds) 19:09:12 [INFO] Finished CPE Analyzer (1 seconds) 19:09:12 [INFO] Finished False Positive Analyzer (0 seconds) 19:09:12 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:09:12 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:09:12 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:09:12 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:09:12 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:09:12 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:09:12 [INFO] Analysis Complete (1 seconds) 19:09:12 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 19:09:12 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 19:09:12 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 19:09:12 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 19:09:12 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 19:09:12 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 19:09:12 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 19:09:12 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 19:09:12 [INFO] 19:09:12 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.staticAnalysis >------ 19:09:12 [INFO] Building dependencies.testsuite.staticAnalysis 1.0 [59/71] 19:09:12 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:12 [INFO] 19:09:12 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.staticAnalysis --- 19:09:12 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/staticAnalysis (includes = [*.jar], excludes = []) 19:09:12 [INFO] 19:09:12 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.staticAnalysis --- 19:09:12 [INFO] Copying spotbugs-ant-4.8.6.jar to /var/lib/jenkins/workspace/GovWay/lib/staticAnalysis/spotbugs-ant-4.8.6.jar 19:09:12 [INFO] Copying sonarqube-ant-task-2.7.1.1951.jar to /var/lib/jenkins/workspace/GovWay/lib/staticAnalysis/sonarqube-ant-task-2.7.1.1951.jar 19:09:12 [INFO] 19:09:12 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.staticAnalysis --- 19:09:13 [INFO] Executing tasks 19:09:13 19:09:13 main: 19:09:18 [INFO] Executed tasks 19:09:18 [INFO] 19:09:18 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.staticAnalysis --- 19:09:18 [INFO] Checking for updates 19:09:18 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:09:18 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:09:18 [INFO] Check for updates complete (64 ms) 19:09:18 [INFO] 19:09:18 19:09:18 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:09:18 19:09:18 19:09:18 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:09:18 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:09:18 19:09:18 💖 Sponsor: https://github.com/sponsors/jeremylong 19:09:18 19:09:18 19:09:18 [INFO] Analysis Started 19:09:18 [INFO] Finished File Name Analyzer (0 seconds) 19:09:18 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:09:18 [INFO] Finished Hint Analyzer (0 seconds) 19:09:18 [INFO] Finished Version Filter Analyzer (0 seconds) 19:09:19 [INFO] Created CPE Index (1 seconds) 19:09:19 [INFO] Finished CPE Analyzer (1 seconds) 19:09:19 [INFO] Finished False Positive Analyzer (0 seconds) 19:09:19 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:09:19 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:09:19 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:09:19 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:09:19 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:09:19 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:09:19 [INFO] Analysis Complete (1 seconds) 19:09:19 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 19:09:19 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 19:09:19 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 19:09:19 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 19:09:19 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 19:09:19 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 19:09:19 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 19:09:19 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 19:09:19 [INFO] 19:09:19 [INFO] -----< org.openspcoop2:org.openspcoop2.testsuite.dynamicAnalysis >------ 19:09:19 [INFO] Building dependencies.testsuite.dynamicAnalysis 1.0 [60/71] 19:09:19 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:19 [INFO] 19:09:19 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.dynamicAnalysis --- 19:09:19 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/dynamicAnalysis (includes = [*.jar], excludes = []) 19:09:19 [INFO] 19:09:19 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.dynamicAnalysis --- 19:09:19 [INFO] Copying zap-clientapi-1.11.0.jar to /var/lib/jenkins/workspace/GovWay/lib/dynamicAnalysis/zap-clientapi-1.11.0.jar 19:09:19 [INFO] 19:09:19 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.dynamicAnalysis --- 19:09:19 [INFO] Executing tasks 19:09:19 19:09:19 main: 19:09:24 [INFO] Executed tasks 19:09:24 [INFO] 19:09:24 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.dynamicAnalysis --- 19:09:24 [INFO] Checking for updates 19:09:24 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:09:24 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:09:24 [INFO] Check for updates complete (82 ms) 19:09:24 [INFO] 19:09:24 19:09:24 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:09:24 19:09:24 19:09:24 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:09:24 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:09:24 19:09:24 💖 Sponsor: https://github.com/sponsors/jeremylong 19:09:24 19:09:24 19:09:24 [INFO] Analysis Started 19:09:24 [INFO] Finished File Name Analyzer (0 seconds) 19:09:24 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:09:24 [INFO] Finished Hint Analyzer (0 seconds) 19:09:24 [INFO] Finished Version Filter Analyzer (0 seconds) 19:09:26 [INFO] Created CPE Index (1 seconds) 19:09:26 [INFO] Finished CPE Analyzer (1 seconds) 19:09:26 [INFO] Finished False Positive Analyzer (0 seconds) 19:09:26 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:09:26 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:09:26 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:09:26 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:09:26 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:09:26 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:09:26 [INFO] Analysis Complete (1 seconds) 19:09:26 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 19:09:26 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 19:09:26 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 19:09:26 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 19:09:26 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 19:09:26 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 19:09:26 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 19:09:26 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 19:09:26 [INFO] 19:09:26 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.coverage >--------- 19:09:26 [INFO] Building dependencies.testsuite.coverage 1.0 [61/71] 19:09:26 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:26 [INFO] 19:09:26 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.coverage --- 19:09:26 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/coverage (includes = [*.jar], excludes = []) 19:09:26 [INFO] 19:09:26 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.coverage --- 19:09:26 [INFO] Copying org.jacoco.agent-0.8.8.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/org.jacoco.agent-0.8.8.jar 19:09:26 [INFO] Copying org.jacoco.ant-0.8.8.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/org.jacoco.ant-0.8.8.jar 19:09:26 [INFO] Copying org.jacoco.core-0.8.8.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/org.jacoco.core-0.8.8.jar 19:09:26 [INFO] Copying org.jacoco.report-0.8.8.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/org.jacoco.report-0.8.8.jar 19:09:26 [INFO] Copying asm-9.5.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/asm-9.5.jar 19:09:26 [INFO] Copying asm-commons-9.5.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/asm-commons-9.5.jar 19:09:26 [INFO] Copying asm-tree-9.5.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/asm-tree-9.5.jar 19:09:26 [INFO] 19:09:26 [INFO] --- maven-antrun-plugin:1.8:run (sleep-for-a-while) @ org.openspcoop2.testsuite.coverage --- 19:09:26 [INFO] Executing tasks 19:09:26 19:09:26 main: 19:09:31 [INFO] Executed tasks 19:09:31 [INFO] 19:09:31 [INFO] --- dependency-check-maven:11.0.0:aggregate (check owasp) @ org.openspcoop2.testsuite.coverage --- 19:09:31 [INFO] Checking for updates 19:09:31 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 19:09:31 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 19:09:31 [INFO] Check for updates complete (70 ms) 19:09:31 [INFO] 19:09:31 19:09:31 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 19:09:31 19:09:31 19:09:31 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 19:09:31 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 19:09:31 19:09:31 💖 Sponsor: https://github.com/sponsors/jeremylong 19:09:31 19:09:31 19:09:31 [INFO] Analysis Started 19:09:31 [INFO] Finished File Name Analyzer (0 seconds) 19:09:31 [INFO] Finished Dependency Merging Analyzer (0 seconds) 19:09:31 [INFO] Finished Hint Analyzer (0 seconds) 19:09:31 [INFO] Finished Version Filter Analyzer (0 seconds) 19:09:32 [INFO] Created CPE Index (1 seconds) 19:09:32 [INFO] Finished CPE Analyzer (1 seconds) 19:09:32 [INFO] Finished False Positive Analyzer (0 seconds) 19:09:32 [INFO] Finished NVD CVE Analyzer (0 seconds) 19:09:32 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 19:09:32 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 19:09:32 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 19:09:32 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 19:09:32 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 19:09:32 [INFO] Analysis Complete (1 seconds) 19:09:32 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 19:09:32 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 19:09:32 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 19:09:32 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 19:09:32 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 19:09:32 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 19:09:32 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 19:09:32 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 19:09:32 [INFO] 19:09:32 [INFO] --------------< org.openspcoop2:org.openspcoop2.compile >--------------- 19:09:32 [INFO] Building compile 1.0 [62/71] 19:09:32 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:32 [INFO] 19:09:32 [INFO] --------------< org.openspcoop2:org.openspcoop2.package >--------------- 19:09:32 [INFO] Building package 1.0 [63/71] 19:09:32 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:32 [INFO] 19:09:32 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.utils >----------- 19:09:32 [INFO] Building testsuite.utils 1.0 [64/71] 19:09:32 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:32 [INFO] 19:09:32 [INFO] --------< org.openspcoop2:org.openspcoop2.testsuite.utils.sql >--------- 19:09:32 [INFO] Building testsuite.utils.sql 1.0 [65/71] 19:09:32 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:32 [INFO] 19:09:32 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core >--------- 19:09:32 [INFO] Building testsuite.pdd.core 1.0 [66/71] 19:09:32 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:32 [INFO] 19:09:32 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core.sql >------- 19:09:32 [INFO] Building testsuite.pdd.core.sql 1.0 [67/71] 19:09:32 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:32 [INFO] 19:09:32 [INFO] ------< org.openspcoop2:org.openspcoop2.static_analysis.spotbugs >------ 19:09:32 [INFO] Building static_analysis.spotbugs 1.0 [68/71] 19:09:32 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:32 [INFO] 19:09:32 [INFO] -----< org.openspcoop2:org.openspcoop2.static_analysis.sonarqube >------ 19:09:32 [INFO] Building static_analysis.sonarqube 1.0 [69/71] 19:09:32 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:32 [INFO] 19:09:32 [INFO] --------< org.openspcoop2:org.openspcoop2.dynamic_analysis.zap >-------- 19:09:32 [INFO] Building dynamic_analysis.zap 1.0 [70/71] 19:09:32 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:32 [INFO] 19:09:32 [INFO] ----------< org.openspcoop2:org.openspcoop2.coverage.jacoco >----------- 19:09:32 [INFO] Building coverage.jacoco 1.0 [71/71] 19:09:32 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:32 [INFO] ------------------------------------------------------------------------ 19:09:32 [INFO] Reactor Summary for govway 1.0: 19:09:32 [INFO] 19:09:32 [INFO] govway ............................................. SUCCESS [ 0.006 s] 19:09:32 [INFO] dependencies ....................................... SUCCESS [01:14 min] 19:09:32 [INFO] dependencies.ant ................................... SUCCESS [ 8.075 s] 19:09:32 [INFO] dependencies.antinstaller .......................... SUCCESS [ 9.203 s] 19:09:32 [INFO] dependencies.axiom ................................. SUCCESS [ 7.279 s] 19:09:32 [INFO] dependencies.bean-validation ....................... SUCCESS [ 7.281 s] 19:09:32 [INFO] dependencies.cxf ................................... SUCCESS [ 7.993 s] 19:09:32 [INFO] dependencies.commons ............................... SUCCESS [ 8.134 s] 19:09:32 [INFO] dependencies.faces ................................. SUCCESS [ 16.718 s] 19:09:32 [INFO] dependencies.git ................................... SUCCESS [ 6.824 s] 19:09:32 [INFO] dependencies.httpcore .............................. SUCCESS [ 6.990 s] 19:09:32 [INFO] dependencies.jackson ............................... SUCCESS [ 7.234 s] 19:09:32 [INFO] dependencies.javax ................................. SUCCESS [ 7.439 s] 19:09:32 [INFO] dependencies.jax ................................... SUCCESS [ 7.476 s] 19:09:32 [INFO] dependencies.jetty ................................. SUCCESS [ 6.558 s] 19:09:32 [INFO] dependencies.jminix ................................ SUCCESS [ 7.844 s] 19:09:32 [INFO] dependencies.json .................................. SUCCESS [ 7.008 s] 19:09:32 [INFO] dependencies.log ................................... SUCCESS [ 7.216 s] 19:09:32 [INFO] dependencies.lucene ................................ SUCCESS [ 6.953 s] 19:09:32 [INFO] dependencies.swagger ............................... SUCCESS [ 7.182 s] 19:09:32 [INFO] dependencies.opensaml .............................. SUCCESS [ 7.337 s] 19:09:32 [INFO] dependencies.pdf ................................... SUCCESS [ 6.865 s] 19:09:32 [INFO] dependencies.redis ................................. SUCCESS [ 7.032 s] 19:09:32 [INFO] dependencies.reports ............................... SUCCESS [ 7.467 s] 19:09:32 [INFO] dependencies.saaj .................................. SUCCESS [ 6.891 s] 19:09:32 [INFO] dependencies.security .............................. SUCCESS [ 7.368 s] 19:09:32 [INFO] dependencies.shared ................................ SUCCESS [ 8.738 s] 19:09:32 [INFO] dependencies.soapbox ............................... SUCCESS [ 7.136 s] 19:09:32 [INFO] dependencies.spring ................................ SUCCESS [ 7.175 s] 19:09:32 [INFO] dependencies.spring-ldap ........................... SUCCESS [ 6.851 s] 19:09:32 [INFO] dependencies.spring-security ....................... SUCCESS [ 7.011 s] 19:09:32 [INFO] dependencies.swagger ............................... SUCCESS [ 15.789 s] 19:09:32 [INFO] dependencies.wadl .................................. SUCCESS [ 6.801 s] 19:09:32 [INFO] dependencies.wss4j ................................. SUCCESS [ 7.031 s] 19:09:32 [INFO] dependencies.testsuite ............................. SUCCESS [ 6.864 s] 19:09:32 [INFO] dependencies.testsuite.axis14 ...................... SUCCESS [ 6.780 s] 19:09:32 [INFO] dependencies.testsuite.as .......................... SUCCESS [ 6.582 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly8 ................. SUCCESS [ 6.906 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly9 ................. SUCCESS [ 7.148 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly10 ................ SUCCESS [ 7.234 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly11 ................ SUCCESS [ 6.628 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly12 ................ SUCCESS [ 7.059 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly13 ................ SUCCESS [ 6.734 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly14 ................ SUCCESS [ 6.955 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly15 ................ SUCCESS [ 6.663 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly16 ................ SUCCESS [ 6.462 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly17 ................ SUCCESS [ 6.550 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly18 ................ SUCCESS [ 6.818 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly19 ................ SUCCESS [ 6.692 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly20 ................ SUCCESS [ 6.828 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly21 ................ SUCCESS [ 6.623 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly22 ................ SUCCESS [ 6.438 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly23 ................ SUCCESS [ 6.795 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly24 ................ SUCCESS [ 6.732 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly25 ................ SUCCESS [ 6.778 s] 19:09:32 [INFO] dependencies.testsuite.as.wildfly26 ................ SUCCESS [ 6.706 s] 19:09:32 [INFO] dependencies.testsuite.as.tomcat9 .................. SUCCESS [ 6.679 s] 19:09:32 [INFO] dependencies.testsuite.test ........................ SUCCESS [ 6.581 s] 19:09:32 [INFO] dependencies.testsuite.staticAnalysis .............. SUCCESS [ 6.486 s] 19:09:32 [INFO] dependencies.testsuite.dynamicAnalysis ............. SUCCESS [ 6.827 s] 19:09:32 [INFO] dependencies.testsuite.coverage .................... SUCCESS [ 6.513 s] 19:09:32 [INFO] compile ............................................ SUCCESS [ 0.000 s] 19:09:32 [INFO] package ............................................ SUCCESS [ 0.000 s] 19:09:32 [INFO] testsuite.utils .................................... SUCCESS [ 0.001 s] 19:09:32 [INFO] testsuite.utils.sql ................................ SUCCESS [ 0.000 s] 19:09:32 [INFO] testsuite.pdd.core ................................. SUCCESS [ 0.001 s] 19:09:32 [INFO] testsuite.pdd.core.sql ............................. SUCCESS [ 0.000 s] 19:09:32 [INFO] static_analysis.spotbugs ........................... SUCCESS [ 0.001 s] 19:09:32 [INFO] static_analysis.sonarqube .......................... SUCCESS [ 0.000 s] 19:09:32 [INFO] dynamic_analysis.zap ............................... SUCCESS [ 0.000 s] 19:09:32 [INFO] coverage.jacoco .................................... SUCCESS [ 0.001 s] 19:09:32 [INFO] ------------------------------------------------------------------------ 19:09:32 [INFO] BUILD SUCCESS 19:09:32 [INFO] ------------------------------------------------------------------------ 19:09:32 [INFO] Total time: 08:30 min 19:09:32 [INFO] Finished at: 2024-11-15T19:09:32+01:00 19:09:32 [INFO] ------------------------------------------------------------------------ 19:09:32 [GovWay] $ /bin/bash /tmp/jenkins15968603169448312070.sh 19:09:32 Pubblicazione risultati dependency check ... 19:09:32 cp: cannot create directory ‘/opt/apache-tomcat-9.0.91/webapps/dependency-check/result’: No such file or directory 19:09:32 Pubblicazione risultati dependency check effettuata 19:09:32 Pubblicazione installer su risultati testsuite ... 19:09:33 Pubblicazione installer su risultati testsuite effettuata 19:09:33 [GovWay] $ /opt/apache-maven-3.6.3/bin/mvn -Dpackage=none -Dcompile=compile -Dowasp=none -Dtestsuite=none compile 19:09:34 [INFO] Scanning for projects... 19:09:35 [INFO] ------------------------------------------------------------------------ 19:09:35 [INFO] Reactor Build Order: 19:09:35 [INFO] 19:09:35 [INFO] govway [pom] 19:09:35 [INFO] dependencies [pom] 19:09:35 [INFO] dependencies.ant [pom] 19:09:35 [INFO] dependencies.antinstaller [pom] 19:09:35 [INFO] dependencies.axiom [pom] 19:09:35 [INFO] dependencies.bean-validation [pom] 19:09:35 [INFO] dependencies.cxf [pom] 19:09:35 [INFO] dependencies.commons [pom] 19:09:35 [INFO] dependencies.faces [pom] 19:09:35 [INFO] dependencies.git [pom] 19:09:35 [INFO] dependencies.httpcore [pom] 19:09:35 [INFO] dependencies.jackson [pom] 19:09:35 [INFO] dependencies.javax [pom] 19:09:35 [INFO] dependencies.jax [pom] 19:09:35 [INFO] dependencies.jetty [pom] 19:09:35 [INFO] dependencies.jminix [pom] 19:09:35 [INFO] dependencies.json [pom] 19:09:35 [INFO] dependencies.log [pom] 19:09:35 [INFO] dependencies.lucene [pom] 19:09:35 [INFO] dependencies.swagger [pom] 19:09:35 [INFO] dependencies.opensaml [pom] 19:09:35 [INFO] dependencies.pdf [pom] 19:09:35 [INFO] dependencies.redis [pom] 19:09:35 [INFO] dependencies.reports [pom] 19:09:35 [INFO] dependencies.saaj [pom] 19:09:35 [INFO] dependencies.security [pom] 19:09:35 [INFO] dependencies.shared [pom] 19:09:35 [INFO] dependencies.soapbox [pom] 19:09:35 [INFO] dependencies.spring [pom] 19:09:35 [INFO] dependencies.spring-ldap [pom] 19:09:35 [INFO] dependencies.spring-security [pom] 19:09:35 [INFO] dependencies.swagger [pom] 19:09:35 [INFO] dependencies.wadl [pom] 19:09:35 [INFO] dependencies.wss4j [pom] 19:09:35 [INFO] dependencies.testsuite [pom] 19:09:35 [INFO] dependencies.testsuite.axis14 [pom] 19:09:35 [INFO] dependencies.testsuite.as [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly8 [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly9 [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly10 [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly11 [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly12 [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly13 [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly14 [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly15 [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly16 [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly17 [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly18 [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly19 [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly20 [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly21 [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly22 [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly23 [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly24 [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly25 [pom] 19:09:35 [INFO] dependencies.testsuite.as.wildfly26 [pom] 19:09:35 [INFO] dependencies.testsuite.as.tomcat9 [pom] 19:09:35 [INFO] dependencies.testsuite.test [pom] 19:09:35 [INFO] dependencies.testsuite.staticAnalysis [pom] 19:09:35 [INFO] dependencies.testsuite.dynamicAnalysis [pom] 19:09:35 [INFO] dependencies.testsuite.coverage [pom] 19:09:35 [INFO] compile [pom] 19:09:35 [INFO] package [pom] 19:09:35 [INFO] testsuite.utils [pom] 19:09:35 [INFO] testsuite.utils.sql [pom] 19:09:35 [INFO] testsuite.pdd.core [pom] 19:09:35 [INFO] testsuite.pdd.core.sql [pom] 19:09:35 [INFO] static_analysis.spotbugs [pom] 19:09:35 [INFO] static_analysis.sonarqube [pom] 19:09:35 [INFO] dynamic_analysis.zap [pom] 19:09:35 [INFO] coverage.jacoco [pom] 19:09:35 [INFO] 19:09:35 [INFO] ------------------< org.openspcoop2:org.openspcoop2 >------------------- 19:09:35 [INFO] Building govway 1.0 [1/71] 19:09:35 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:35 [INFO] 19:09:35 [INFO] ------------< org.openspcoop2:org.openspcoop2.dependencies >------------ 19:09:35 [INFO] Building dependencies 1.0 [2/71] 19:09:35 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:35 [INFO] 19:09:35 [INFO] ----------------< org.openspcoop2:org.openspcoop2.ant >----------------- 19:09:35 [INFO] Building dependencies.ant 1.0 [3/71] 19:09:35 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:35 [INFO] 19:09:35 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.ant --- 19:09:35 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/ant (includes = [*.jar], excludes = []) 19:09:35 [INFO] 19:09:35 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.ant --- 19:09:36 [INFO] Copying ant-contrib-1.0b3.jar to /var/lib/jenkins/workspace/GovWay/lib/ant/ant-contrib-1.0b3.jar 19:09:36 [INFO] 19:09:36 [INFO] ------------< org.openspcoop2:org.openspcoop2.antinstaller >------------ 19:09:36 [INFO] Building dependencies.antinstaller 1.0 [4/71] 19:09:36 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:36 [INFO] 19:09:36 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.antinstaller --- 19:09:36 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/antinstaller (includes = [*.jar], excludes = []) 19:09:36 [INFO] 19:09:36 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.antinstaller --- 19:09:36 [INFO] Copying ant-installer-0.8b.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/ant-installer-0.8b.jar 19:09:36 [INFO] Copying xml-apis_antinstaller-0.8b.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/xml-apis_antinstaller-0.8b.jar 19:09:36 [INFO] Copying ai-icons-eclipse_antinstaller-0.8b.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/ai-icons-eclipse_antinstaller-0.8b.jar 19:09:36 [INFO] Copying jgoodies-edited-1.2.2-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/jgoodies-edited-1.2.2-gov4j-1.jar 19:09:36 [INFO] Copying ant-1.10.11.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/ant-1.10.11.jar 19:09:36 [INFO] Copying ant-apache-regexp-1.10.11.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/ant-apache-regexp-1.10.11.jar 19:09:36 [INFO] Copying ant-launcher-1.10.11.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/ant-launcher-1.10.11.jar 19:09:36 [INFO] Copying jakarta-regexp-1.5.jar to /var/lib/jenkins/workspace/GovWay/lib/antinstaller/jakarta-regexp-1.5.jar 19:09:36 [INFO] 19:09:36 [INFO] ---------------< org.openspcoop2:org.openspcoop2.axiom >---------------- 19:09:36 [INFO] Building dependencies.axiom 1.0 [5/71] 19:09:36 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:36 [INFO] 19:09:36 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.axiom --- 19:09:36 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/axiom (includes = [*.jar], excludes = []) 19:09:36 [INFO] 19:09:36 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.axiom --- 19:09:36 [INFO] Copying axiom-api-1.2.13-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-api-1.2.13-gov4j-2.jar 19:09:36 [INFO] Copying axiom-dom-1.2.13-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-dom-1.2.13-gov4j-2.jar 19:09:36 [INFO] Copying axiom-impl-1.2.13-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-impl-1.2.13-gov4j-2.jar 19:09:36 [INFO] Copying axiom-common-impl-1.2.13.jar to /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-common-impl-1.2.13.jar 19:09:36 [INFO] 19:09:36 [INFO] ----------< org.openspcoop2:org.openspcoop2.bean-validation >----------- 19:09:36 [INFO] Building dependencies.bean-validation 1.0 [6/71] 19:09:36 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:36 [INFO] 19:09:36 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.bean-validation --- 19:09:36 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/bean-validation (includes = [*.jar], excludes = []) 19:09:36 [INFO] 19:09:36 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.bean-validation --- 19:09:36 [INFO] Copying hibernate-validator-6.2.5.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/bean-validation/hibernate-validator-6.2.5.Final.jar 19:09:36 [INFO] Copying hibernate-validator-cdi-6.2.5.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/bean-validation/hibernate-validator-cdi-6.2.5.Final.jar 19:09:36 [INFO] Copying classmate-1.5.1.jar to /var/lib/jenkins/workspace/GovWay/lib/bean-validation/classmate-1.5.1.jar 19:09:36 [INFO] Copying jboss-logging-3.4.3.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/bean-validation/jboss-logging-3.4.3.Final.jar 19:09:36 [INFO] 19:09:36 [INFO] ----------------< org.openspcoop2:org.openspcoop2.cxf >----------------- 19:09:36 [INFO] Building dependencies.cxf 1.0 [7/71] 19:09:36 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:36 [INFO] 19:09:36 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.cxf --- 19:09:36 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/cxf (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.cxf --- 19:09:37 [INFO] Copying cxf-core-3.6.4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-core-3.6.4-gov4j-1.jar 19:09:37 [INFO] Copying cxf-rt-rs-security-jose-3.6.4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-3.6.4-gov4j-1.jar 19:09:37 [INFO] Copying cxf-rt-bindings-soap-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-bindings-soap-3.6.4.jar 19:09:37 [INFO] Copying cxf-rt-databinding-jaxb-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-databinding-jaxb-3.6.4.jar 19:09:37 [INFO] Copying cxf-rt-features-logging-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-features-logging-3.6.4.jar 19:09:37 [INFO] Copying cxf-rt-frontend-jaxrs-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-frontend-jaxrs-3.6.4.jar 19:09:37 [INFO] Copying cxf-rt-frontend-jaxws-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-frontend-jaxws-3.6.4.jar 19:09:37 [INFO] Copying cxf-rt-frontend-simple-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-frontend-simple-3.6.4.jar 19:09:37 [INFO] Copying cxf-rt-rs-json-basic-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-json-basic-3.6.4.jar 19:09:37 [INFO] Copying cxf-rt-rs-security-jose-jaxrs-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-jaxrs-3.6.4.jar 19:09:37 [INFO] Copying cxf-rt-rs-service-description-openapi-v3-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-service-description-openapi-v3-3.6.4.jar 19:09:37 [INFO] Copying cxf-rt-rs-service-description-swagger-ui-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-service-description-swagger-ui-3.6.4.jar 19:09:37 [INFO] Copying cxf-rt-rs-service-description-common-openapi-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-service-description-common-openapi-3.6.4.jar 19:09:37 [INFO] Copying cxf-rt-rs-client-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-client-3.6.4.jar 19:09:37 [INFO] Copying cxf-rt-security-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-security-3.6.4.jar 19:09:37 [INFO] Copying cxf-rt-security-saml-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-security-saml-3.6.4.jar 19:09:37 [INFO] Copying cxf-rt-transports-http-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-transports-http-3.6.4.jar 19:09:37 [INFO] Copying cxf-rt-transports-http-jetty-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-transports-http-jetty-3.6.4.jar 19:09:37 [INFO] Copying cxf-rt-wsdl-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-wsdl-3.6.4.jar 19:09:37 [INFO] Copying cxf-rt-ws-policy-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-ws-policy-3.6.4.jar 19:09:37 [INFO] Copying cxf-rt-ws-security-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-ws-security-3.6.4.jar 19:09:37 [INFO] Copying cxf-tools-common-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-tools-common-3.6.4.jar 19:09:37 [INFO] Copying cxf-tools-validator-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-tools-validator-3.6.4.jar 19:09:37 [INFO] Copying cxf-tools-wsdlto-core-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-tools-wsdlto-core-3.6.4.jar 19:09:37 [INFO] Copying cxf-tools-wsdlto-databinding-jaxb-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-tools-wsdlto-databinding-jaxb-3.6.4.jar 19:09:37 [INFO] Copying cxf-tools-wsdlto-frontend-jaxws-3.6.4.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-tools-wsdlto-frontend-jaxws-3.6.4.jar 19:09:37 [INFO] Copying jakarta.ws.rs-api-2.1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/jakarta.ws.rs-api-2.1.6.jar 19:09:37 [INFO] Copying stax2-api-4.2.2.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/stax2-api-4.2.2.jar 19:09:37 [INFO] Copying woodstox-core-6.6.2.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/woodstox-core-6.6.2.jar 19:09:37 [INFO] Copying xml-resolver-1.2.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/xml-resolver-1.2.jar 19:09:37 [INFO] Copying xmlschema-core-2.3.1.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/xmlschema-core-2.3.1.jar 19:09:37 [INFO] Copying asm-9.7.jar to /var/lib/jenkins/workspace/GovWay/lib/cxf/asm-9.7.jar 19:09:37 [INFO] 19:09:37 [INFO] --------------< org.openspcoop2:org.openspcoop2.commons >--------------- 19:09:37 [INFO] Building dependencies.commons 1.0 [8/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.commons --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/commons (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.commons --- 19:09:37 [INFO] Copying commons-beanutils-1.9.4.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-beanutils-1.9.4.jar 19:09:37 [INFO] Copying commons-chain-1.2.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-chain-1.2.jar 19:09:37 [INFO] Copying commons-cli-1.5.0.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-cli-1.5.0.jar 19:09:37 [INFO] Copying commons-codec-1.15.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-codec-1.15.jar 19:09:37 [INFO] Copying commons-collections-3.2.2.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-collections-3.2.2.jar 19:09:37 [INFO] Copying commons-collections4-4.4.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-collections4-4.4.jar 19:09:37 [INFO] Copying commons-compress-1.26.0.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-compress-1.26.0.jar 19:09:37 [INFO] Copying commons-csv-1.9.0.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-csv-1.9.0.jar 19:09:37 [INFO] Copying commons-dbcp2-2.9.0.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-dbcp2-2.9.0.jar 19:09:37 [INFO] Copying commons-digester-2.1.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-digester-2.1.jar 19:09:37 [INFO] Copying commons-discovery-0.5.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-discovery-0.5.jar 19:09:37 [INFO] Copying commons-email-1.5.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-email-1.5.jar 19:09:37 [INFO] Copying commons-fileupload-1.5.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-fileupload-1.5.jar 19:09:37 [INFO] Copying commons-io-2.15.1.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-io-2.15.1.jar 19:09:37 [INFO] Copying commons-lang-2.6.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-lang-2.6.jar 19:09:37 [INFO] Copying commons-lang3-3.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-lang3-3.12.0.jar 19:09:37 [INFO] Copying commons-logging-1.2.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-logging-1.2.jar 19:09:37 [INFO] Copying commons-math3-3.6.1.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-math3-3.6.1.jar 19:09:37 [INFO] Copying commons-net-3.9.0.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-net-3.9.0.jar 19:09:37 [INFO] Copying commons-pool2-2.11.1.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-pool2-2.11.1.jar 19:09:37 [INFO] Copying commons-validator-1.7.jar to /var/lib/jenkins/workspace/GovWay/lib/commons/commons-validator-1.7.jar 19:09:37 [INFO] 19:09:37 [INFO] ---------------< org.openspcoop2:org.openspcoop2.faces >---------------- 19:09:37 [INFO] Building dependencies.faces 1.0 [9/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.faces --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/faces (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.faces --- 19:09:37 [INFO] Copying facelets-taglib-jsf12-spring-4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/facelets-taglib-jsf12-spring-4-gov4j-1.jar 19:09:37 [INFO] Copying facelets-taglib-jsf20-spring-4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/facelets-taglib-jsf20-spring-4-gov4j-1.jar 19:09:37 [INFO] Copying aopalliance-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/aopalliance-1.0.jar 19:09:37 [INFO] Copying cglib-nodep-2.2.3.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/cglib-nodep-2.2.3.jar 19:09:37 [INFO] Copying el-impl-2.2.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/el-impl-2.2.jar 19:09:37 [INFO] Copying javax.faces-2.4.0.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/javax.faces-2.4.0.jar 19:09:37 [INFO] Copying javax.servlet.jsp.jstl-1.2.1.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/javax.servlet.jsp.jstl-1.2.1.jar 19:09:37 [INFO] Copying javax.servlet.jsp.jstl-api-1.2.1.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/javax.servlet.jsp.jstl-api-1.2.1.jar 19:09:37 [INFO] Copying jsf-api-1.2_15-06.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/jsf-api-1.2_15-06.jar 19:09:37 [INFO] Copying jsf-impl-1.2_15-06.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/jsf-impl-1.2_15-06.jar 19:09:37 [INFO] Copying jsf-facelets-1.1.15.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/jsf-facelets-1.1.15.jar 19:09:37 [INFO] Copying jsr311-api-1.1.1.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/jsr311-api-1.1.1.jar 19:09:37 [INFO] Copying richfaces-api-3.3.4.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/richfaces-api-3.3.4.Final.jar 19:09:37 [INFO] Copying richfaces-impl-3.3.4.Final-gov4j-4.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/richfaces-impl-3.3.4.Final-gov4j-4.jar 19:09:37 [INFO] Copying richfaces-impl-jsf2-3.3.4.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/richfaces-impl-jsf2-3.3.4.Final.jar 19:09:37 [INFO] Copying richfaces-ui-3.3.4.Final-gov4j-4.jar to /var/lib/jenkins/workspace/GovWay/lib/faces/richfaces-ui-3.3.4.Final-gov4j-4.jar 19:09:37 [INFO] 19:09:37 [INFO] ----------------< org.openspcoop2:org.openspcoop2.git >----------------- 19:09:37 [INFO] Building dependencies.git 1.0 [10/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.git --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/git (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.git --- 19:09:37 [INFO] Copying openspcoop2_git-task-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/git/openspcoop2_git-task-1.0.jar 19:09:37 [INFO] Copying org.eclipse.jgit-6.7.0.202309050840-r.jar to /var/lib/jenkins/workspace/GovWay/lib/git/org.eclipse.jgit-6.7.0.202309050840-r.jar 19:09:37 [INFO] 19:09:37 [INFO] --------------< org.openspcoop2:org.openspcoop2.httpcore >-------------- 19:09:37 [INFO] Building dependencies.httpcore 1.0 [11/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.httpcore --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/httpcore (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.httpcore --- 19:09:37 [INFO] Copying httpcore-4.4.15.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpcore-4.4.15.jar 19:09:37 [INFO] Copying httpcore-nio-4.4.15.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpcore-nio-4.4.15.jar 19:09:37 [INFO] Copying httpcore-ab-4.4.15-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpcore-ab-4.4.15-gov4j-2.jar 19:09:37 [INFO] Copying apache-mime4j-core-0.8.10.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/apache-mime4j-core-0.8.10.jar 19:09:37 [INFO] Copying apache-mime4j-dom-0.8.10.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/apache-mime4j-dom-0.8.10.jar 19:09:37 [INFO] Copying fluent-hc-4.5.13.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/fluent-hc-4.5.13.jar 19:09:37 [INFO] Copying httpclient-4.5.13.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpclient-4.5.13.jar 19:09:37 [INFO] Copying httpclient-cache-4.5.13.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpclient-cache-4.5.13.jar 19:09:37 [INFO] Copying httpclient-win-4.5.13.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpclient-win-4.5.13.jar 19:09:37 [INFO] Copying httpmime-4.5.13.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpmime-4.5.13.jar 19:09:37 [INFO] Copying httpasyncclient-4.1.5.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpasyncclient-4.1.5.jar 19:09:37 [INFO] Copying httpasyncclient-cache-4.1.5.jar to /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpasyncclient-cache-4.1.5.jar 19:09:37 [INFO] 19:09:37 [INFO] --------------< org.openspcoop2:org.openspcoop2.jackson >--------------- 19:09:37 [INFO] Building dependencies.jackson 1.0 [12/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.jackson --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jackson (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jackson --- 19:09:37 [INFO] Copying jackson-annotations-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-annotations-2.14.2.jar 19:09:37 [INFO] Copying jackson-core-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-core-2.14.2.jar 19:09:37 [INFO] Copying jackson-databind-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-databind-2.14.2.jar 19:09:37 [INFO] Copying jackson-dataformat-xml-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-dataformat-xml-2.14.2.jar 19:09:37 [INFO] Copying jackson-dataformat-yaml-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-dataformat-yaml-2.14.2.jar 19:09:37 [INFO] Copying jackson-jaxrs-base-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-jaxrs-base-2.14.2.jar 19:09:37 [INFO] Copying jackson-jaxrs-json-provider-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-jaxrs-json-provider-2.14.2.jar 19:09:37 [INFO] Copying jackson-jaxrs-xml-provider-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-jaxrs-xml-provider-2.14.2.jar 19:09:37 [INFO] Copying jackson-jaxrs-yaml-provider-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-jaxrs-yaml-provider-2.14.2.jar 19:09:37 [INFO] Copying jackson-module-jaxb-annotations-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-module-jaxb-annotations-2.14.2.jar 19:09:37 [INFO] Copying jackson-module-jsonSchema-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-module-jsonSchema-2.14.2.jar 19:09:37 [INFO] Copying jackson-datatype-joda-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-datatype-joda-2.14.2.jar 19:09:37 [INFO] Copying jackson-datatype-jsr310-2.14.2.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-datatype-jsr310-2.14.2.jar 19:09:37 [INFO] Copying jackson-coreutils-1.8.jar to /var/lib/jenkins/workspace/GovWay/lib/jackson/jackson-coreutils-1.8.jar 19:09:37 [INFO] 19:09:37 [INFO] ---------------< org.openspcoop2:org.openspcoop2.javax >---------------- 19:09:37 [INFO] Building dependencies.javax 1.0 [13/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.javax --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/javax (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.javax --- 19:09:37 [INFO] Copying javax.management-1.0-gov4j.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.management-1.0-gov4j.jar 19:09:37 [INFO] Copying javax.xml.registry-api-1.0.8.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.xml.registry-api-1.0.8.jar 19:09:37 [INFO] Copying jta-1.1.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/jta-1.1.jar 19:09:37 [INFO] Copying javax.servlet-api-4.0.1.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.servlet-api-4.0.1.jar 19:09:37 [INFO] Copying javax.security.jacc-api-1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.security.jacc-api-1.6.jar 19:09:37 [INFO] Copying javax.resource-api-1.7.1.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.resource-api-1.7.1.jar 19:09:37 [INFO] Copying persistence-api-1.0.2.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/persistence-api-1.0.2.jar 19:09:37 [INFO] Copying javax.jms-api-2.0.1.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.jms-api-2.0.1.jar 19:09:37 [INFO] Copying deployment-api-1.2-rev-1.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/deployment-api-1.2-rev-1.jar 19:09:37 [INFO] Copying ejb-api-3.0.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/ejb-api-3.0.jar 19:09:37 [INFO] Copying el-api-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/el-api-1.0.jar 19:09:37 [INFO] Copying javax.annotation-api-1.3.2.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/javax.annotation-api-1.3.2.jar 19:09:37 [INFO] Copying validation-api-2.0.1.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/validation-api-2.0.1.Final.jar 19:09:37 [INFO] Copying openjdk-orb-8.1.9.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/javax/openjdk-orb-8.1.9.Final.jar 19:09:37 [INFO] 19:09:37 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jax >----------------- 19:09:37 [INFO] Building dependencies.jax 1.0 [14/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.jax --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jax (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jax --- 19:09:37 [INFO] Copying jaxp-ri-1.4.5-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxp-ri-1.4.5-gov4j-1.jar 19:09:37 [INFO] Copying jsr181-api-1.0-MR1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jsr181-api-1.0-MR1.jar 19:09:37 [INFO] Copying jaxws-api-2.3.1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxws-api-2.3.1.jar 19:09:37 [INFO] Copying jaxb-api-2.3.1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxb-api-2.3.1.jar 19:09:37 [INFO] Copying jaxb-core-2.3.0.1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxb-core-2.3.0.1.jar 19:09:37 [INFO] Copying jaxb-impl-2.3.7.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxb-impl-2.3.7.jar 19:09:37 [INFO] Copying jaxb-xjc-2.3.7.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxb-xjc-2.3.7.jar 19:09:37 [INFO] 19:09:37 [INFO] --- copy-rename-maven-plugin:1.0:rename (rename-file) @ org.openspcoop2.jax --- 19:09:37 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/jax/jsr181-api-1.0-MR1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxws-jsr181-api-2.3.1.jar 19:09:37 [INFO] 19:09:37 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jetty >---------------- 19:09:37 [INFO] Building dependencies.jetty 1.0 [15/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.jetty --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jetty (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jetty --- 19:09:37 [INFO] Copying jetty-http-10.0.24.jar to /var/lib/jenkins/workspace/GovWay/lib/jetty/jetty-http-10.0.24.jar 19:09:37 [INFO] Copying jetty-io-10.0.24.jar to /var/lib/jenkins/workspace/GovWay/lib/jetty/jetty-io-10.0.24.jar 19:09:37 [INFO] Copying jetty-security-10.0.24.jar to /var/lib/jenkins/workspace/GovWay/lib/jetty/jetty-security-10.0.24.jar 19:09:37 [INFO] Copying jetty-server-10.0.24.jar to /var/lib/jenkins/workspace/GovWay/lib/jetty/jetty-server-10.0.24.jar 19:09:37 [INFO] Copying jetty-util-10.0.24.jar to /var/lib/jenkins/workspace/GovWay/lib/jetty/jetty-util-10.0.24.jar 19:09:37 [INFO] 19:09:37 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jminix >--------------- 19:09:37 [INFO] Building dependencies.jminix 1.0 [16/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.jminix --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jminix (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jminix --- 19:09:37 [INFO] Copying jminix-standalone-1.2.0-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/jminix/jminix-standalone-1.2.0-gov4j-1.jar 19:09:37 [INFO] Copying jminix-1.2.0-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/jminix/jminix-1.2.0-gov4j-1.jar 19:09:37 [INFO] Copying org.restlet-2.4.0.jar to /var/lib/jenkins/workspace/GovWay/lib/jminix/org.restlet-2.4.0.jar 19:09:37 [INFO] Copying org.restlet.ext.servlet-2.4.0.jar to /var/lib/jenkins/workspace/GovWay/lib/jminix/org.restlet.ext.servlet-2.4.0.jar 19:09:37 [INFO] Copying org.restlet.ext.velocity-2.4.0.jar to /var/lib/jenkins/workspace/GovWay/lib/jminix/org.restlet.ext.velocity-2.4.0.jar 19:09:37 [INFO] 19:09:37 [INFO] ----------------< org.openspcoop2:org.openspcoop2.json >---------------- 19:09:37 [INFO] Building dependencies.json 1.0 [17/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.json --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/json (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.json --- 19:09:37 [INFO] Copying org.everit.json.schema-1.14.1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/org.everit.json.schema-1.14.1.jar 19:09:37 [INFO] Copying uri-template-0.9.jar to /var/lib/jenkins/workspace/GovWay/lib/json/uri-template-0.9.jar 19:09:37 [INFO] Copying json-schema-validator-1.0.73.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.0.73.jar 19:09:37 [INFO] Copying itu-1.7.0.jar to /var/lib/jenkins/workspace/GovWay/lib/json/itu-1.7.0.jar 19:09:37 [INFO] Copying msg-simple-1.1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/msg-simple-1.1.jar 19:09:37 [INFO] Copying libphonenumber-8.12.57.jar to /var/lib/jenkins/workspace/GovWay/lib/json/libphonenumber-8.12.57.jar 19:09:37 [INFO] Copying failureaccess-1.0.1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/failureaccess-1.0.1.jar 19:09:37 [INFO] Copying json-smart-2.4.10.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-smart-2.4.10.jar 19:09:37 [INFO] Copying json-schema-core-1.2.8.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-core-1.2.8.jar 19:09:37 [INFO] Copying json-path-2.9.0-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-path-2.9.0-gov4j-1.jar 19:09:37 [INFO] Copying json-lib-2.4-jdk15.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-lib-2.4-jdk15.jar 19:09:37 [INFO] Copying json-20231013.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-20231013.jar 19:09:37 [INFO] Copying jettison-1.5.4.jar to /var/lib/jenkins/workspace/GovWay/lib/json/jettison-1.5.4.jar 19:09:37 [INFO] Copying handy-uri-templates-2.1.8.jar to /var/lib/jenkins/workspace/GovWay/lib/json/handy-uri-templates-2.1.8.jar 19:09:37 [INFO] Copying json-schema-validator-2.2.10.jar to /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-2.2.10.jar 19:09:37 [INFO] Copying btf-1.2.jar to /var/lib/jenkins/workspace/GovWay/lib/json/btf-1.2.jar 19:09:37 [INFO] Copying accessors-smart-2.4.8.jar to /var/lib/jenkins/workspace/GovWay/lib/json/accessors-smart-2.4.8.jar 19:09:37 [INFO] 19:09:37 [INFO] --- copy-rename-maven-plugin:1.0:rename (rename-file) @ org.openspcoop2.json --- 19:09:37 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.0.73.jar to /var/lib/jenkins/workspace/GovWay/lib/json/networknt_json-schema-validator-1.0.73.jar 19:09:37 [INFO] 19:09:37 [INFO] ----------------< org.openspcoop2:org.openspcoop2.log >----------------- 19:09:37 [INFO] Building dependencies.log 1.0 [18/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.log --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/log (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.log --- 19:09:37 [INFO] Copying slf4j-api-2.0.3-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/log/slf4j-api-2.0.3-gov4j-1.jar 19:09:37 [INFO] Copying log4j-1.2-api-2.19.0.jar to /var/lib/jenkins/workspace/GovWay/lib/log/log4j-1.2-api-2.19.0.jar 19:09:37 [INFO] Copying log4j-api-2.19.0.jar to /var/lib/jenkins/workspace/GovWay/lib/log/log4j-api-2.19.0.jar 19:09:37 [INFO] Copying log4j-core-2.19.0.jar to /var/lib/jenkins/workspace/GovWay/lib/log/log4j-core-2.19.0.jar 19:09:37 [INFO] Copying log4j-jcl-2.19.0.jar to /var/lib/jenkins/workspace/GovWay/lib/log/log4j-jcl-2.19.0.jar 19:09:37 [INFO] Copying log4j-slf4j2-impl-2.19.0.jar to /var/lib/jenkins/workspace/GovWay/lib/log/log4j-slf4j2-impl-2.19.0.jar 19:09:37 [INFO] 19:09:37 [INFO] ---------------< org.openspcoop2:org.openspcoop2.lucene >--------------- 19:09:37 [INFO] Building dependencies.lucene 1.0 [19/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.lucene --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/lucene (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.lucene --- 19:09:37 [INFO] Copying lucene-codecs-9.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/lucene/lucene-codecs-9.12.0.jar 19:09:37 [INFO] Copying lucene-core-9.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/lucene/lucene-core-9.12.0.jar 19:09:37 [INFO] Copying lucene-misc-9.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/lucene/lucene-misc-9.12.0.jar 19:09:37 [INFO] Copying lucene-queries-9.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/lucene/lucene-queries-9.12.0.jar 19:09:37 [INFO] Copying lucene-suggest-9.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/lucene/lucene-suggest-9.12.0.jar 19:09:37 [INFO] 19:09:37 [INFO] -------------< org.openspcoop2:org.openspcoop2.openapi4j >-------------- 19:09:37 [INFO] Building dependencies.swagger 1.0 [20/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.openapi4j --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/openapi4j (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.openapi4j --- 19:09:37 [INFO] Copying openapi-core-1.0.7-gov4j-7.jar to /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-core-1.0.7-gov4j-7.jar 19:09:37 [INFO] Copying openapi-parser-1.0.7-gov4j-7.jar to /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-parser-1.0.7-gov4j-7.jar 19:09:37 [INFO] Copying openapi-schema-validator-1.0.7-gov4j-7.jar to /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-schema-validator-1.0.7-gov4j-7.jar 19:09:37 [INFO] Copying openapi-operation-validator-1.0.7-gov4j-7.jar to /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-operation-validator-1.0.7-gov4j-7.jar 19:09:37 [INFO] 19:09:37 [INFO] --------------< org.openspcoop2:org.openspcoop2.opensaml >-------------- 19:09:37 [INFO] Building dependencies.opensaml 1.0 [21/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.opensaml --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/opensaml (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.opensaml --- 19:09:37 [INFO] Copying opensaml-core-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-core-3.4.6.jar 19:09:37 [INFO] Copying opensaml-messaging-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-messaging-api-3.4.6.jar 19:09:37 [INFO] Copying opensaml-messaging-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-messaging-impl-3.4.6.jar 19:09:37 [INFO] Copying opensaml-profile-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-profile-api-3.4.6.jar 19:09:37 [INFO] Copying opensaml-profile-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-profile-impl-3.4.6.jar 19:09:37 [INFO] Copying opensaml-saml-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-saml-api-3.4.6.jar 19:09:37 [INFO] Copying opensaml-saml-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-saml-impl-3.4.6.jar 19:09:37 [INFO] Copying opensaml-security-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-security-api-3.4.6.jar 19:09:37 [INFO] Copying opensaml-security-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-security-impl-3.4.6.jar 19:09:37 [INFO] Copying opensaml-soap-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-soap-api-3.4.6.jar 19:09:37 [INFO] Copying opensaml-soap-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-soap-impl-3.4.6.jar 19:09:37 [INFO] Copying opensaml-storage-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-storage-api-3.4.6.jar 19:09:37 [INFO] Copying opensaml-storage-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-storage-impl-3.4.6.jar 19:09:37 [INFO] Copying opensaml-xacml-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-xacml-api-3.4.6.jar 19:09:37 [INFO] Copying opensaml-xacml-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-xacml-impl-3.4.6.jar 19:09:37 [INFO] Copying opensaml-xacml-saml-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-xacml-saml-api-3.4.6.jar 19:09:37 [INFO] Copying opensaml-xacml-saml-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-xacml-saml-impl-3.4.6.jar 19:09:37 [INFO] Copying opensaml-xmlsec-api-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-xmlsec-api-3.4.6.jar 19:09:37 [INFO] Copying opensaml-xmlsec-impl-3.4.6.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/opensaml-xmlsec-impl-3.4.6.jar 19:09:37 [INFO] Copying java-support-7.5.2.jar to /var/lib/jenkins/workspace/GovWay/lib/opensaml/java-support-7.5.2.jar 19:09:37 [INFO] 19:09:37 [INFO] ----------------< org.openspcoop2:org.openspcoop2.pdf >----------------- 19:09:37 [INFO] Building dependencies.pdf 1.0 [22/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.pdf --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/pdf (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.pdf --- 19:09:37 [INFO] Copying pdfbox-2.0.27.jar to /var/lib/jenkins/workspace/GovWay/lib/pdf/pdfbox-2.0.27.jar 19:09:37 [INFO] Copying fontbox-2.0.27.jar to /var/lib/jenkins/workspace/GovWay/lib/pdf/fontbox-2.0.27.jar 19:09:37 [INFO] Copying boxable-1.7.0.jar to /var/lib/jenkins/workspace/GovWay/lib/pdf/boxable-1.7.0.jar 19:09:37 [INFO] 19:09:37 [INFO] ---------------< org.openspcoop2:org.openspcoop2.redis >---------------- 19:09:37 [INFO] Building dependencies.redis 1.0 [23/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.redis --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/redis (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.redis --- 19:09:37 [INFO] Copying redisson-3.23.5.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/redisson-3.23.5.jar 19:09:37 [INFO] Copying netty-resolver-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-resolver-4.1.115.Final.jar 19:09:37 [INFO] Copying netty-resolver-dns-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-resolver-dns-4.1.115.Final.jar 19:09:37 [INFO] Copying netty-common-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-common-4.1.115.Final.jar 19:09:37 [INFO] Copying netty-buffer-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-buffer-4.1.115.Final.jar 19:09:37 [INFO] Copying netty-transport-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-transport-4.1.115.Final.jar 19:09:37 [INFO] Copying netty-codec-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-codec-4.1.115.Final.jar 19:09:37 [INFO] Copying netty-codec-dns-4.1.115.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/netty-codec-dns-4.1.115.Final.jar 19:09:37 [INFO] Copying jboss-marshalling-2.1.3.SP1.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/jboss-marshalling-2.1.3.SP1.jar 19:09:37 [INFO] Copying jboss-marshalling-river-2.1.3.SP1.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/jboss-marshalling-river-2.1.3.SP1.jar 19:09:37 [INFO] Copying objenesis-3.3.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/objenesis-3.3.jar 19:09:37 [INFO] Copying kryo-5.5.0.jar to /var/lib/jenkins/workspace/GovWay/lib/redis/kryo-5.5.0.jar 19:09:37 [INFO] 19:09:37 [INFO] --------------< org.openspcoop2:org.openspcoop2.reports >--------------- 19:09:37 [INFO] Building dependencies.reports 1.0 [24/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.reports --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/reports (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.reports --- 19:09:37 [INFO] Copying net.tascalate.javaflow.api-2.7.3.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/net.tascalate.javaflow.api-2.7.3.jar 19:09:37 [INFO] Copying SparseBitSet-1.2.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/SparseBitSet-1.2.jar 19:09:37 [INFO] Copying jfreechart-1.5.3.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/jfreechart-1.5.3.jar 19:09:37 [INFO] Copying poi-5.2.3.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/poi-5.2.3.jar 19:09:37 [INFO] Copying jcommon-1.0.24.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/jcommon-1.0.24.jar 19:09:37 [INFO] Copying jasperreports-6.20.0.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/jasperreports-6.20.0.jar 19:09:37 [INFO] Copying jasperreports-metadata-6.20.0.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/jasperreports-metadata-6.20.0.jar 19:09:37 [INFO] Copying ecj-3.31.0.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/ecj-3.31.0.jar 19:09:37 [INFO] Copying dynamicreports-core-6.12.1.jar to /var/lib/jenkins/workspace/GovWay/lib/reports/dynamicreports-core-6.12.1.jar 19:09:37 [INFO] 19:09:37 [INFO] ----------------< org.openspcoop2:org.openspcoop2.saaj >---------------- 19:09:37 [INFO] Building dependencies.saaj 1.0 [25/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.saaj --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/saaj (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.saaj --- 19:09:37 [INFO] Copying mimepull-1.9.14.jar to /var/lib/jenkins/workspace/GovWay/lib/saaj/mimepull-1.9.14.jar 19:09:37 [INFO] Copying javax.xml.soap-api-1.4.0.jar to /var/lib/jenkins/workspace/GovWay/lib/saaj/javax.xml.soap-api-1.4.0.jar 19:09:37 [INFO] Copying saaj-impl-1.5.3-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/saaj/saaj-impl-1.5.3-gov4j-1.jar 19:09:37 [INFO] Copying stax-ex-1.8.3.jar to /var/lib/jenkins/workspace/GovWay/lib/saaj/stax-ex-1.8.3.jar 19:09:37 [INFO] 19:09:37 [INFO] --------------< org.openspcoop2:org.openspcoop2.security >-------------- 19:09:37 [INFO] Building dependencies.security 1.0 [26/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.security --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/security (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.security --- 19:09:37 [INFO] Copying bcpkix-jdk18on-1.78.1.jar to /var/lib/jenkins/workspace/GovWay/lib/security/bcpkix-jdk18on-1.78.1.jar 19:09:37 [INFO] Copying bcprov-jdk18on-1.78.1.jar to /var/lib/jenkins/workspace/GovWay/lib/security/bcprov-jdk18on-1.78.1.jar 19:09:37 [INFO] Copying bcutil-jdk18on-1.78.1.jar to /var/lib/jenkins/workspace/GovWay/lib/security/bcutil-jdk18on-1.78.1.jar 19:09:37 [INFO] Copying cryptacular-1.2.5.jar to /var/lib/jenkins/workspace/GovWay/lib/security/cryptacular-1.2.5.jar 19:09:37 [INFO] Copying herasaf-xacml-core-2.0.4.jar to /var/lib/jenkins/workspace/GovWay/lib/security/herasaf-xacml-core-2.0.4.jar 19:09:37 [INFO] Copying jasypt-1.9.3.jar to /var/lib/jenkins/workspace/GovWay/lib/security/jasypt-1.9.3.jar 19:09:37 [INFO] Copying neethi-3.2.0.jar to /var/lib/jenkins/workspace/GovWay/lib/security/neethi-3.2.0.jar 19:09:37 [INFO] Copying xmlsec-2.3.4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/security/xmlsec-2.3.4-gov4j-1.jar 19:09:37 [INFO] Copying xml-security-impl-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/security/xml-security-impl-1.0.jar 19:09:37 [INFO] Copying nimbus-jose-jwt-9.37.3.jar to /var/lib/jenkins/workspace/GovWay/lib/security/nimbus-jose-jwt-9.37.3.jar 19:09:37 [INFO] 19:09:37 [INFO] ---------------< org.openspcoop2:org.openspcoop2.shared >--------------- 19:09:37 [INFO] Building dependencies.shared 1.0 [27/71] 19:09:37 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:37 [INFO] 19:09:37 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.shared --- 19:09:37 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/shared (includes = [*.jar], excludes = []) 19:09:37 [INFO] 19:09:37 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.shared --- 19:09:37 [INFO] Copying xmldb-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xmldb-1.0.jar 19:09:37 [INFO] Copying reflections-0.10.2.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/reflections-0.10.2.jar 19:09:37 [INFO] Copying reactive-streams-1.0.4.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/reactive-streams-1.0.4.jar 19:09:38 [INFO] Copying javassist-3.29.2-GA.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/javassist-3.29.2-GA.jar 19:09:38 [INFO] Copying commons-jcs3-core-3.1-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/commons-jcs3-core-3.1-gov4j-2.jar 19:09:38 [INFO] Copying urlrewritefilter-4.0.4.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/urlrewritefilter-4.0.4.jar 19:09:38 [INFO] Copying velocity-engine-core-2.4.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/velocity-engine-core-2.4.jar 19:09:38 [INFO] Copying velocity-tools-generic-3.1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/velocity-tools-generic-3.1.jar 19:09:38 [INFO] Copying velocity-tools-view-3.1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/velocity-tools-view-3.1.jar 19:09:38 [INFO] Copying velocity-tools-view-jsp-3.1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/velocity-tools-view-jsp-3.1.jar 19:09:38 [INFO] Copying wsdl4j-1.6.3.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/wsdl4j-1.6.3.jar 19:09:38 [INFO] Copying xalan-2.7.3.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xalan-2.7.3.jar 19:09:38 [INFO] Copying serializer-2.7.3.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/serializer-2.7.3.jar 19:09:38 [INFO] Copying xercesImpl-2.12.2.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xercesImpl-2.12.2.jar 19:09:38 [INFO] Copying xml-apis-1.4.01.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xml-apis-1.4.01.jar 19:09:38 [INFO] Copying xmlunit-legacy-2.10.0.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xmlunit-legacy-2.10.0.jar 19:09:38 [INFO] Copying xmlunit-core-2.10.0.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xmlunit-core-2.10.0.jar 19:09:38 [INFO] Copying xom-1.2.11.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xom-1.2.11.jar 19:09:38 [INFO] Copying uddi4j-2.0.5.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/uddi4j-2.0.5.jar 19:09:38 [INFO] Copying mailapi-1.6.7.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/mailapi-1.6.7.jar 19:09:38 [INFO] Copying smtp-1.6.7.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/smtp-1.6.7.jar 19:09:38 [INFO] Copying Saxon-HE-11.4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/Saxon-HE-11.4-gov4j-1.jar 19:09:38 [INFO] Copying xmlresolver-4.4.3.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/xmlresolver-4.4.3.jar 19:09:38 [INFO] Copying snakeyaml-1.33-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/snakeyaml-1.33-gov4j-1.jar 19:09:38 [INFO] Copying struts-core-1.3.10.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/struts-core-1.3.10.jar 19:09:38 [INFO] Copying com.springsource.edu.oswego.cs.dl.util.concurrent-1.3.4.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/com.springsource.edu.oswego.cs.dl.util.concurrent-1.3.4.jar 19:09:38 [INFO] Copying ezmorph-1.0.6.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/ezmorph-1.0.6.jar 19:09:38 [INFO] Copying freemarker-2.3.31.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/freemarker-2.3.31.jar 19:09:38 [INFO] Copying guava-32.1.1-jre.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/guava-32.1.1-jre.jar 19:09:38 [INFO] Copying java-uuid-generator-4.0.1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/java-uuid-generator-4.0.1.jar 19:09:38 [INFO] Copying joda-time-2.12.0.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/joda-time-2.12.0.jar 19:09:38 [INFO] Copying aspectjrt-1.9.9.1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/aspectjrt-1.9.9.1.jar 19:09:38 [INFO] Copying aspectjweaver-1.9.9.1.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/aspectjweaver-1.9.9.1.jar 19:09:38 [INFO] Copying jakarta.activation-1.2.2.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/jakarta.activation-1.2.2.jar 19:09:38 [INFO] Copying ehcache-3.10.2.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/ehcache-3.10.2.jar 19:09:38 [INFO] Copying rhino-1.7.14.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/rhino-1.7.14.jar 19:09:38 [INFO] Copying hazelcast-5.3.5.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/hazelcast-5.3.5.jar 19:09:38 [INFO] Copying hibernate-core-6.1.4.Final.jar to /var/lib/jenkins/workspace/GovWay/lib/shared/hibernate-core-6.1.4.Final.jar 19:09:38 [INFO] 19:09:38 [INFO] --------------< org.openspcoop2:org.openspcoop2.soapbox >--------------- 19:09:38 [INFO] Building dependencies.soapbox 1.0 [28/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.soapbox --- 19:09:38 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/soapbox (includes = [*.jar], excludes = []) 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.soapbox --- 19:09:38 [INFO] Copying metro-webservices_xwss_com_sun_xml-2.2.jar to /var/lib/jenkins/workspace/GovWay/lib/soapbox/metro-webservices_xwss_com_sun_xml-2.2.jar 19:09:38 [INFO] Copying ultraesb-api-1.7.1.jar to /var/lib/jenkins/workspace/GovWay/lib/soapbox/ultraesb-api-1.7.1.jar 19:09:38 [INFO] Copying ultraesb-core-1.7.1.jar to /var/lib/jenkins/workspace/GovWay/lib/soapbox/ultraesb-core-1.7.1.jar 19:09:38 [INFO] 19:09:38 [INFO] ---------------< org.openspcoop2:org.openspcoop2.spring >--------------- 19:09:38 [INFO] Building dependencies.spring 1.0 [29/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.spring --- 19:09:38 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring (includes = [*.jar], excludes = []) 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring --- 19:09:38 [INFO] Copying spring-aop-5.3.39.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-aop-5.3.39.jar 19:09:38 [INFO] Copying spring-aspects-5.3.39.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-aspects-5.3.39.jar 19:09:38 [INFO] Copying spring-beans-5.3.39-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-beans-5.3.39-gov4j-1.jar 19:09:38 [INFO] Copying spring-context-5.3.39-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-context-5.3.39-gov4j-1.jar 19:09:38 [INFO] Copying spring-context-support-5.3.39-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-context-support-5.3.39-gov4j-1.jar 19:09:38 [INFO] Copying spring-core-5.3.39-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-core-5.3.39-gov4j-1.jar 19:09:38 [INFO] Copying spring-expression-5.3.39-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-expression-5.3.39-gov4j-1.jar 19:09:38 [INFO] Copying spring-orm-5.3.39.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-orm-5.3.39.jar 19:09:38 [INFO] Copying spring-tx-5.3.39.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-tx-5.3.39.jar 19:09:38 [INFO] Copying spring-web-5.3.39-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/spring/spring-web-5.3.39-gov4j-1.jar 19:09:38 [INFO] 19:09:38 [INFO] ------------< org.openspcoop2:org.openspcoop2.spring-ldap >------------- 19:09:38 [INFO] Building dependencies.spring-ldap 1.0 [30/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.spring-ldap --- 19:09:38 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-ldap (includes = [*.jar], excludes = []) 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-ldap --- 19:09:38 [INFO] Copying spring-ldap-core-2.4.2.jar to /var/lib/jenkins/workspace/GovWay/lib/spring-ldap/spring-ldap-core-2.4.2.jar 19:09:38 [INFO] Copying spring-ldap-ldif-core-2.4.2.jar to /var/lib/jenkins/workspace/GovWay/lib/spring-ldap/spring-ldap-ldif-core-2.4.2.jar 19:09:38 [INFO] 19:09:38 [INFO] ----------< org.openspcoop2:org.openspcoop2.spring-security >----------- 19:09:38 [INFO] Building dependencies.spring-security 1.0 [31/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.spring-security --- 19:09:38 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-security (includes = [*.jar], excludes = []) 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-security --- 19:09:38 [INFO] Copying spring-security-config-5.8.15.jar to /var/lib/jenkins/workspace/GovWay/lib/spring-security/spring-security-config-5.8.15.jar 19:09:38 [INFO] Copying spring-security-core-5.8.15.jar to /var/lib/jenkins/workspace/GovWay/lib/spring-security/spring-security-core-5.8.15.jar 19:09:38 [INFO] Copying spring-security-web-5.8.15.jar to /var/lib/jenkins/workspace/GovWay/lib/spring-security/spring-security-web-5.8.15.jar 19:09:38 [INFO] Copying spring-security-crypto-5.8.15.jar to /var/lib/jenkins/workspace/GovWay/lib/spring-security/spring-security-crypto-5.8.15.jar 19:09:38 [INFO] 19:09:38 [INFO] --------------< org.openspcoop2:org.openspcoop2.swagger >--------------- 19:09:38 [INFO] Building dependencies.swagger 1.0 [32/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.swagger --- 19:09:38 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/swagger (includes = [*.jar], excludes = []) 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.swagger --- 19:09:38 [INFO] Copying swagger-ui-4.19.1.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-ui-4.19.1.jar 19:09:38 [INFO] Copying classgraph-4.8.149.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/classgraph-4.8.149.jar 19:09:38 [INFO] Copying swagger-annotations-2.2.4.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-annotations-2.2.4.jar 19:09:38 [INFO] Copying swagger-core-2.2.4.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-core-2.2.4.jar 19:09:38 [INFO] Copying swagger-jaxrs2-2.2.4.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-jaxrs2-2.2.4.jar 19:09:38 [INFO] Copying swagger-models-2.2.4.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-models-2.2.4.jar 19:09:38 [INFO] Copying swagger-integration-2.2.4.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-integration-2.2.4.jar 19:09:38 [INFO] Copying swagger-parser-2.1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-2.1.6.jar 19:09:38 [INFO] Copying swagger-parser-core-2.1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-core-2.1.6.jar 19:09:38 [INFO] Copying swagger-parser-v2-converter-2.1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-v2-converter-2.1.6.jar 19:09:38 [INFO] Copying swagger-parser-v3-2.1.6-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-v3-2.1.6-gov4j-1.jar 19:09:38 [INFO] Copying swagger-core-1.6.8.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-core-1.6.8.jar 19:09:38 [INFO] Copying swagger-models-1.6.8.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-models-1.6.8.jar 19:09:38 [INFO] Copying swagger-parser-1.0.63.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-1.0.63.jar 19:09:38 [INFO] Copying swagger-request-validator-core-2.30.0-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-request-validator-core-2.30.0-gov4j-2.jar 19:09:38 [INFO] 19:09:38 [INFO] ----------------< org.openspcoop2:org.openspcoop2.wadl >---------------- 19:09:38 [INFO] Building dependencies.wadl 1.0 [33/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.wadl --- 19:09:38 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wadl (includes = [*.jar], excludes = []) 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wadl --- 19:09:38 [INFO] Copying localizer-1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/wadl/localizer-1.0.jar 19:09:38 [INFO] Copying wadl-core-1.1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/wadl/wadl-core-1.1.6.jar 19:09:38 [INFO] Copying wadl-xslt-1.1.6.jar to /var/lib/jenkins/workspace/GovWay/lib/wadl/wadl-xslt-1.1.6.jar 19:09:38 [INFO] 19:09:38 [INFO] ---------------< org.openspcoop2:org.openspcoop2.wss4j >---------------- 19:09:38 [INFO] Building dependencies.wss4j 1.0 [34/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.wss4j --- 19:09:38 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wss4j (includes = [*.jar], excludes = []) 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wss4j --- 19:09:38 [INFO] Copying wss4j-bindings-2.4.1.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-bindings-2.4.1.jar 19:09:38 [INFO] Copying wss4j-integration-2.4.1.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-integration-2.4.1.jar 19:09:38 [INFO] Copying wss4j-policy-2.4.1.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-policy-2.4.1.jar 19:09:38 [INFO] Copying wss4j-ws-security-common-2.4.1-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-common-2.4.1-gov4j-2.jar 19:09:38 [INFO] Copying wss4j-ws-security-dom-2.4.1-gov4j-2.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-dom-2.4.1-gov4j-2.jar 19:09:38 [INFO] Copying wss4j-ws-security-policy-stax-2.4.1.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-policy-stax-2.4.1.jar 19:09:38 [INFO] Copying wss4j-ws-security-stax-2.4.1.jar to /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-stax-2.4.1.jar 19:09:38 [INFO] 19:09:38 [INFO] -------------< org.openspcoop2:org.openspcoop2.testsuite >-------------- 19:09:38 [INFO] Building dependencies.testsuite 1.0 [35/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.axis14 >---------- 19:09:38 [INFO] Building dependencies.testsuite.axis14 1.0 [36/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.axis14 --- 19:09:38 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/axis14 (includes = [*.jar], excludes = []) 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.axis14 --- 19:09:38 [INFO] Copying axis-1.4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-1.4-gov4j-1.jar 19:09:38 [INFO] Copying axis-jaxrpc-1.4-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-jaxrpc-1.4-gov4j-1.jar 19:09:38 [INFO] Copying axis-ant-1.4.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-ant-1.4.jar 19:09:38 [INFO] Copying axis-saaj-1.4.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-saaj-1.4.jar 19:09:38 [INFO] Copying mailapi-1.5.6.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/mailapi-1.5.6.jar 19:09:38 [INFO] Copying neethi-2.0.4.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/neethi-2.0.4.jar 19:09:38 [INFO] Copying opensaml-1.1.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/opensaml-1.1.jar 19:09:38 [INFO] Copying wss4j-1.5.11.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/wss4j-1.5.11.jar 19:09:38 [INFO] Copying xmlsec-1.4.4.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/xmlsec-1.4.4.jar 19:09:38 [INFO] Copying addressing-1.1.jar to /var/lib/jenkins/workspace/GovWay/lib/axis14/addressing-1.1.jar 19:09:38 [INFO] 19:09:38 [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.applicationServer >----- 19:09:38 [INFO] Building dependencies.testsuite.as 1.0 [37/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly8 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly8 1.0 [38/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly8 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly8 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf8 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly9 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly9 1.0 [39/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf9 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly10 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly10 1.0 [40/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf10 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly11 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly11 1.0 [41/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly11 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly11 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf11 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly12 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly12 1.0 [42/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly12 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly12 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf12 already exists in destination. 19:09:38 [INFO] javax.json:javax.json-api:jar:1.1.2 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly13 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly13 1.0 [43/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly13 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly13 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf13 already exists in destination. 19:09:38 [INFO] javax.json:javax.json-api:jar:1.1.2 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly14 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly14 1.0 [44/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly14 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly14 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf14 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly15 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly15 1.0 [45/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly15 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly15 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf15 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly16 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly16 1.0 [46/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly16 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly16 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf16 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly17 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly17 1.0 [47/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly17 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly17 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf17 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly18 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly18 1.0 [48/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly18 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly18 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf18 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly19 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly19 1.0 [49/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly19 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly19 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf19 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly20 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly20 1.0 [50/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly20 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly20 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf20 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly21 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly21 1.0 [51/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly21 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly21 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf21 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly22 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly22 1.0 [52/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly22 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly22 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf22 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly23 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly23 1.0 [53/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly23 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly23 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf23 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly24 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly24 1.0 [54/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly24 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly24 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf24 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly25 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly25 1.0 [55/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly25 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly25 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf25 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly26 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.wildfly26 1.0 [56/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly26 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly26 --- 19:09:38 [INFO] org.wildfly:jboss-client:jar:wf26 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat9 >-- 19:09:38 [INFO] Building dependencies.testsuite.as.tomcat9 1.0 [57/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat9 --- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat9 --- 19:09:38 [INFO] org.apache.tomcat:tomcat-catalina:jar:9.0.83 already exists in destination. 19:09:38 [INFO] org.apache.tomcat:tomcat-juli:jar:9.0.83 already exists in destination. 19:09:38 [INFO] 19:09:38 [INFO] -----------< org.openspcoop2:org.openspcoop2.testsuite.test >----------- 19:09:38 [INFO] Building dependencies.testsuite.test 1.0 [58/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.test --- 19:09:38 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite (includes = [*.jar], excludes = []) 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test --- 19:09:38 [INFO] Copying jcommander-1.82.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/jcommander-1.82.jar 19:09:38 [INFO] Copying guice-5.1.0.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/guice-5.1.0.jar 19:09:38 [INFO] Copying jquery-3.6.1.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/jquery-3.6.1.jar 19:09:38 [INFO] Copying testng-7.8.0.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/testng-7.8.0.jar 19:09:38 [INFO] Copying junit-4.13.2.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/junit-4.13.2.jar 19:09:38 [INFO] Copying karate-apache-0.9.6.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/karate-apache-0.9.6.jar 19:09:38 [INFO] Copying karate-core-0.9.6.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/karate-core-0.9.6.jar 19:09:38 [INFO] Copying karate-junit4-0.9.6.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/karate-junit4-0.9.6.jar 19:09:38 [INFO] Copying hamcrest-core-1.3.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/hamcrest-core-1.3.jar 19:09:38 [INFO] Copying picocli-4.2.0.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/picocli-4.2.0.jar 19:09:38 [INFO] Copying logback-classic-1.4.14.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/logback-classic-1.4.14.jar 19:09:38 [INFO] Copying logback-core-1.4.14.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/logback-core-1.4.14.jar 19:09:38 [INFO] Copying spring-jdbc-5.3.39.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring-jdbc-5.3.39.jar 19:09:38 [INFO] Copying spring-ldap-test-2.4.2.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/spring-ldap-test-2.4.2.jar 19:09:38 [INFO] Copying apacheds-all-2.0.0.AM27-gov4j-1.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/apacheds-all-2.0.0.AM27-gov4j-1.jar 19:09:38 [INFO] Copying slf4j-testng-2.0.0.jar to /var/lib/jenkins/workspace/GovWay/lib/testsuite/slf4j-testng-2.0.0.jar 19:09:38 [INFO] 19:09:38 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.staticAnalysis >------ 19:09:38 [INFO] Building dependencies.testsuite.staticAnalysis 1.0 [59/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.staticAnalysis --- 19:09:38 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/staticAnalysis (includes = [*.jar], excludes = []) 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.staticAnalysis --- 19:09:38 [INFO] Copying spotbugs-ant-4.8.6.jar to /var/lib/jenkins/workspace/GovWay/lib/staticAnalysis/spotbugs-ant-4.8.6.jar 19:09:38 [INFO] Copying sonarqube-ant-task-2.7.1.1951.jar to /var/lib/jenkins/workspace/GovWay/lib/staticAnalysis/sonarqube-ant-task-2.7.1.1951.jar 19:09:38 [INFO] 19:09:38 [INFO] -----< org.openspcoop2:org.openspcoop2.testsuite.dynamicAnalysis >------ 19:09:38 [INFO] Building dependencies.testsuite.dynamicAnalysis 1.0 [60/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.dynamicAnalysis --- 19:09:38 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/dynamicAnalysis (includes = [*.jar], excludes = []) 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.dynamicAnalysis --- 19:09:38 [INFO] Copying zap-clientapi-1.11.0.jar to /var/lib/jenkins/workspace/GovWay/lib/dynamicAnalysis/zap-clientapi-1.11.0.jar 19:09:38 [INFO] 19:09:38 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.coverage >--------- 19:09:38 [INFO] Building dependencies.testsuite.coverage 1.0 [61/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-clean-plugin:3.1.0:clean (clean) @ org.openspcoop2.testsuite.coverage --- 19:09:38 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/coverage (includes = [*.jar], excludes = []) 19:09:38 [INFO] 19:09:38 [INFO] --- maven-dependency-plugin:3.1.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.coverage --- 19:09:38 [INFO] Copying org.jacoco.agent-0.8.8.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/org.jacoco.agent-0.8.8.jar 19:09:38 [INFO] Copying org.jacoco.ant-0.8.8.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/org.jacoco.ant-0.8.8.jar 19:09:38 [INFO] Copying org.jacoco.core-0.8.8.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/org.jacoco.core-0.8.8.jar 19:09:38 [INFO] Copying org.jacoco.report-0.8.8.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/org.jacoco.report-0.8.8.jar 19:09:38 [INFO] Copying asm-9.5.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/asm-9.5.jar 19:09:38 [INFO] Copying asm-commons-9.5.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/asm-commons-9.5.jar 19:09:38 [INFO] Copying asm-tree-9.5.jar to /var/lib/jenkins/workspace/GovWay/lib/coverage/asm-tree-9.5.jar 19:09:38 [INFO] 19:09:38 [INFO] --------------< org.openspcoop2:org.openspcoop2.compile >--------------- 19:09:38 [INFO] Building compile 1.0 [62/71] 19:09:38 [INFO] --------------------------------[ pom ]--------------------------------- 19:09:38 [INFO] 19:09:38 [INFO] --- maven-antrun-plugin:1.8:run (default) @ org.openspcoop2.compile --- 19:09:38 [INFO] Executing tasks 19:09:38 19:09:38 main: 19:09:39 [taskdef] Could not load definitions from resource net/sf/antcontrib/antlib.xml. It could not be found. 19:09:40 19:09:40 check_as_version: 19:09:42 19:09:42 build: 19:09:42 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/dist 19:09:45 19:09:45 init_compile_genericProject: 19:09:45 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build 19:09:45 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/tmp 19:09:45 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist 19:09:45 19:09:45 compile_openspcoop2_utils: 19:09:45 19:09:45 checkgit: 19:09:49 19:09:49 init_compile-build: 19:09:49 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:09:49 19:09:49 compile_src_openspcoop2: 19:09:49 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:09:49 [echo] **************************************** 19:09:49 [echo] **** DEBUG MODE ON ***** 19:09:49 [echo] **************************************** 19:09:49 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/utils 19:09:49 [echo] Raccolta informazioni git per inserimento in manifest... 19:09:49 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils] 19:09:49 [javac] Compiling 35 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:09:53 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils_RELEASE.jar 19:09:53 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:09:56 19:09:56 init_compile-build: 19:09:56 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:09:56 19:09:56 compile_src_openspcoop2: 19:09:56 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:09:56 [echo] **************************************** 19:09:56 [echo] **** DEBUG MODE ON ***** 19:09:56 [echo] **************************************** 19:09:56 [echo] Raccolta informazioni git per inserimento in manifest... 19:09:56 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/instrument] 19:09:56 [javac] Compiling 2 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:09:57 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-instrument_RELEASE.jar 19:09:57 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:09:59 19:09:59 init_compile-build: 19:09:59 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:09:59 19:09:59 compile_src_openspcoop2: 19:09:59 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:09:59 [echo] **************************************** 19:09:59 [echo] **** DEBUG MODE ON ***** 19:09:59 [echo] **************************************** 19:09:59 [echo] Raccolta informazioni git per inserimento in manifest... 19:09:59 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/resources] 19:09:59 [javac] Compiling 17 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:00 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-resources_RELEASE.jar 19:10:00 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:03 19:10:03 init_compile-build: 19:10:03 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:03 19:10:03 compile_src_openspcoop2: 19:10:03 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:10:03 [echo] **************************************** 19:10:03 [echo] **** DEBUG MODE ON ***** 19:10:03 [echo] **************************************** 19:10:03 [echo] Raccolta informazioni git per inserimento in manifest... 19:10:03 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/mime] 19:10:03 [javac] Compiling 4 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:04 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-mime_RELEASE.jar 19:10:04 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:07 19:10:07 init_compile-build: 19:10:07 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:07 19:10:07 compile_src_openspcoop2: 19:10:07 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:10:07 [echo] **************************************** 19:10:07 [echo] **** DEBUG MODE ON ***** 19:10:07 [echo] **************************************** 19:10:07 [echo] Raccolta informazioni git per inserimento in manifest... 19:10:07 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/date] 19:10:07 [javac] Compiling 18 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:08 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-date_RELEASE.jar 19:10:08 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:11 19:10:11 init_compile-build: 19:10:11 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:11 19:10:11 compile_src_openspcoop2: 19:10:11 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:10:11 [echo] **************************************** 19:10:11 [echo] **** DEBUG MODE ON ***** 19:10:11 [echo] **************************************** 19:10:11 [echo] Raccolta informazioni git per inserimento in manifest... 19:10:11 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/io] 19:10:11 [javac] Compiling 27 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:12 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-io_RELEASE.jar 19:10:12 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:14 19:10:14 init_compile-build: 19:10:14 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:14 19:10:14 compile_src_openspcoop2: 19:10:14 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:10:14 [echo] **************************************** 19:10:14 [echo] **** DEBUG MODE ON ***** 19:10:14 [echo] **************************************** 19:10:14 [echo] Raccolta informazioni git per inserimento in manifest... 19:10:14 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/random] 19:10:14 [javac] Compiling 4 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:14 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-random_RELEASE.jar 19:10:14 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:17 19:10:17 init_compile-build: 19:10:17 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:17 19:10:17 compile_src_openspcoop2: 19:10:17 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:10:17 [echo] **************************************** 19:10:17 [echo] **** DEBUG MODE ON ***** 19:10:17 [echo] **************************************** 19:10:17 [echo] Raccolta informazioni git per inserimento in manifest... 19:10:17 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/properties] 19:10:17 [javac] Compiling 5 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:18 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-properties_RELEASE.jar 19:10:18 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:21 19:10:21 init_compile-build: 19:10:21 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:21 19:10:21 compile_src_openspcoop2: 19:10:21 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:10:21 [echo] **************************************** 19:10:21 [echo] **** DEBUG MODE ON ***** 19:10:21 [echo] **************************************** 19:10:21 [echo] Raccolta informazioni git per inserimento in manifest... 19:10:21 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/jaxb] 19:10:21 [javac] anomalous package-info.java path: package-info.java 19:10:21 [javac] Compiling 15 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:21 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-jaxb_RELEASE.jar 19:10:21 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:23 19:10:23 init_compile-build: 19:10:23 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:23 19:10:23 compile_src_openspcoop2: 19:10:23 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:10:24 [echo] **************************************** 19:10:24 [echo] **** DEBUG MODE ON ***** 19:10:24 [echo] **************************************** 19:10:24 [echo] Raccolta informazioni git per inserimento in manifest... 19:10:24 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/jaxrs] 19:10:24 [javac] Compiling 9 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:24 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-jaxrs_RELEASE.jar 19:10:24 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:27 19:10:27 init_compile-build: 19:10:27 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:27 19:10:27 compile_src_openspcoop2: 19:10:27 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:10:27 [echo] **************************************** 19:10:27 [echo] **** DEBUG MODE ON ***** 19:10:27 [echo] **************************************** 19:10:27 [echo] Raccolta informazioni git per inserimento in manifest... 19:10:27 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/xml] 19:10:27 [javac] Compiling 40 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:30 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-xml_RELEASE.jar 19:10:30 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:32 19:10:32 init_compile-build: 19:10:32 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:32 19:10:32 compile_src_openspcoop2: 19:10:32 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:10:32 [echo] **************************************** 19:10:32 [echo] **** DEBUG MODE ON ***** 19:10:32 [echo] **************************************** 19:10:32 [echo] Raccolta informazioni git per inserimento in manifest... 19:10:32 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/json] 19:10:32 [javac] Compiling 23 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:33 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-json_RELEASE.jar 19:10:33 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:35 19:10:35 init_compile-build: 19:10:35 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:35 19:10:35 compile_src_openspcoop2: 19:10:35 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:10:35 [echo] **************************************** 19:10:35 [echo] **** DEBUG MODE ON ***** 19:10:35 [echo] **************************************** 19:10:35 [echo] Raccolta informazioni git per inserimento in manifest... 19:10:35 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/xml2json] 19:10:35 [javac] Compiling 17 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:36 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-xml2json_RELEASE.jar 19:10:36 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:38 19:10:38 init_compile-build: 19:10:38 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:38 19:10:38 compile_src_openspcoop2: 19:10:38 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:10:38 [echo] **************************************** 19:10:38 [echo] **** DEBUG MODE ON ***** 19:10:38 [echo] **************************************** 19:10:38 [echo] Raccolta informazioni git per inserimento in manifest... 19:10:38 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/digest] 19:10:38 [javac] Compiling 8 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:39 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-digest_RELEASE.jar 19:10:39 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:41 19:10:41 init_compile-build: 19:10:41 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:41 19:10:41 compile_src_openspcoop2: 19:10:41 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:10:41 [echo] **************************************** 19:10:41 [echo] **** DEBUG MODE ON ***** 19:10:41 [echo] **************************************** 19:10:41 [echo] Raccolta informazioni git per inserimento in manifest... 19:10:41 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/regexp] 19:10:41 [javac] Compiling 7 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:42 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-regexp_RELEASE.jar 19:10:42 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:44 19:10:44 init_compile-build: 19:10:44 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:44 19:10:44 compile_src_openspcoop2: 19:10:44 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:10:44 [echo] **************************************** 19:10:44 [echo] **** DEBUG MODE ON ***** 19:10:44 [echo] **************************************** 19:10:44 [echo] Raccolta informazioni git per inserimento in manifest... 19:10:44 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/certificate] 19:10:44 [javac] Compiling 45 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:45 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-certificate_RELEASE.jar 19:10:46 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:48 19:10:48 init_compile-build: 19:10:48 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:48 19:10:48 compile_src_openspcoop2: 19:10:48 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:10:48 [echo] **************************************** 19:10:48 [echo] **** DEBUG MODE ON ***** 19:10:48 [echo] **************************************** 19:10:48 [echo] Raccolta informazioni git per inserimento in manifest... 19:10:48 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/transport] 19:10:48 [javac] Compiling 64 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:50 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-transport_RELEASE.jar 19:10:50 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:52 19:10:52 init_compile-build: 19:10:52 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:52 19:10:52 compile_src_openspcoop2: 19:10:52 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:10:52 [echo] **************************************** 19:10:52 [echo] **** DEBUG MODE ON ***** 19:10:52 [echo] **************************************** 19:10:52 [echo] Raccolta informazioni git per inserimento in manifest... 19:10:52 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/certificate/ocsp] 19:10:52 [javac] Compiling 18 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:52 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-certificate-ocsp_RELEASE.jar 19:10:53 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:55 19:10:55 init_compile-build: 19:10:55 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:55 19:10:55 compile_src_openspcoop2: 19:10:55 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:10:55 [echo] **************************************** 19:10:55 [echo] **** DEBUG MODE ON ***** 19:10:55 [echo] **************************************** 19:10:55 [echo] Raccolta informazioni git per inserimento in manifest... 19:10:55 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/certificate/remote] 19:10:55 [javac] Compiling 9 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:56 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-certificate-remote_RELEASE.jar 19:10:56 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:58 19:10:58 init_compile-build: 19:10:58 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:58 19:10:58 compile_src_openspcoop2: 19:10:58 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:10:58 [echo] **************************************** 19:10:58 [echo] **** DEBUG MODE ON ***** 19:10:58 [echo] **************************************** 19:10:58 [echo] Raccolta informazioni git per inserimento in manifest... 19:10:58 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/certificate/byok] 19:10:58 [javac] Compiling 14 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:10:58 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-certificate-byok_RELEASE.jar 19:10:58 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:01 19:11:01 init_compile-build: 19:11:01 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:01 19:11:01 compile_src_openspcoop2: 19:11:01 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:01 [echo] **************************************** 19:11:01 [echo] **** DEBUG MODE ON ***** 19:11:01 [echo] **************************************** 19:11:01 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:01 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/jmx] 19:11:01 [javac] Compiling 3 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:01 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-jmx_RELEASE.jar 19:11:01 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:03 19:11:03 init_compile-build: 19:11:03 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:03 19:11:03 compile_src_openspcoop2: 19:11:03 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:03 [echo] **************************************** 19:11:03 [echo] **** DEBUG MODE ON ***** 19:11:03 [echo] **************************************** 19:11:03 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:03 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/cache] 19:11:03 [javac] Compiling 22 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:04 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-cache_RELEASE.jar 19:11:04 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:07 19:11:07 init_compile-build: 19:11:07 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:07 19:11:07 compile_src_openspcoop2: 19:11:07 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:07 [echo] **************************************** 19:11:07 [echo] **** DEBUG MODE ON ***** 19:11:07 [echo] **************************************** 19:11:07 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:07 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/checksum] 19:11:07 [javac] Compiling 3 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:07 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-checksum_RELEASE.jar 19:11:07 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:09 19:11:09 init_compile-build: 19:11:09 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:09 19:11:09 compile_src_openspcoop2: 19:11:09 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:09 [echo] **************************************** 19:11:09 [echo] **** DEBUG MODE ON ***** 19:11:09 [echo] **************************************** 19:11:09 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:09 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/crypt] 19:11:09 [javac] Compiling 23 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:10 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-crypt_RELEASE.jar 19:11:10 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:13 19:11:13 init_compile-build: 19:11:13 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:13 19:11:13 compile_src_openspcoop2: 19:11:13 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:13 [echo] **************************************** 19:11:13 [echo] **** DEBUG MODE ON ***** 19:11:13 [echo] **************************************** 19:11:13 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:13 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/csv] 19:11:13 [javac] Compiling 10 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:13 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-csv_RELEASE.jar 19:11:13 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:16 19:11:16 init_compile-build: 19:11:16 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:16 19:11:16 compile_src_openspcoop2: 19:11:16 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:16 [echo] **************************************** 19:11:16 [echo] **** DEBUG MODE ON ***** 19:11:16 [echo] **************************************** 19:11:16 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:16 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/dch] 19:11:16 [javac] Compiling 3 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:16 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-dch_RELEASE.jar 19:11:16 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:18 19:11:18 init_compile-build: 19:11:18 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:18 19:11:18 compile_src_openspcoop2: 19:11:18 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:18 [echo] **************************************** 19:11:18 [echo] **** DEBUG MODE ON ***** 19:11:18 [echo] **************************************** 19:11:18 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:19 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/sql] 19:11:19 [javac] Compiling 21 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:20 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-sql_RELEASE.jar 19:11:20 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:22 19:11:22 init_compile-build: 19:11:22 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:22 19:11:22 compile_src_openspcoop2: 19:11:22 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:22 [echo] **************************************** 19:11:22 [echo] **** DEBUG MODE ON ***** 19:11:22 [echo] **************************************** 19:11:22 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:22 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/jdbc] 19:11:22 [javac] Compiling 35 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:23 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-jdbc_RELEASE.jar 19:11:23 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:25 19:11:25 init_compile-build: 19:11:25 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:25 19:11:25 compile_src_openspcoop2: 19:11:25 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:25 [echo] **************************************** 19:11:25 [echo] **** DEBUG MODE ON ***** 19:11:25 [echo] **************************************** 19:11:25 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:25 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/id] 19:11:25 [javac] Compiling 45 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:26 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-id_RELEASE.jar 19:11:26 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:28 19:11:28 init_compile-build: 19:11:28 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:28 19:11:28 compile_src_openspcoop2: 19:11:28 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:28 [echo] **************************************** 19:11:28 [echo] **** DEBUG MODE ON ***** 19:11:28 [echo] **************************************** 19:11:28 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:28 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/serialization] 19:11:28 [javac] Compiling 26 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:29 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-serialization_RELEASE.jar 19:11:29 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:31 19:11:31 init_compile-build: 19:11:31 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:31 19:11:31 compile_src_openspcoop2: 19:11:31 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:31 [echo] **************************************** 19:11:31 [echo] **** DEBUG MODE ON ***** 19:11:31 [echo] **************************************** 19:11:31 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:31 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/logger] 19:11:31 [javac] Compiling 77 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:32 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-logger_RELEASE.jar 19:11:32 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:34 19:11:34 init_compile-build: 19:11:34 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:34 19:11:34 compile_src_openspcoop2: 19:11:34 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:34 [echo] **************************************** 19:11:34 [echo] **** DEBUG MODE ON ***** 19:11:34 [echo] **************************************** 19:11:34 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:34 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/service] 19:11:34 [javac] Compiling 110 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:36 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-service_RELEASE.jar 19:11:36 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:38 19:11:38 init_compile-build: 19:11:38 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:38 19:11:38 compile_src_openspcoop2: 19:11:38 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:38 [echo] **************************************** 19:11:38 [echo] **** DEBUG MODE ON ***** 19:11:38 [echo] **************************************** 19:11:38 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:38 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/beans] 19:11:38 [javac] Compiling 5 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:38 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-beans_RELEASE.jar 19:11:38 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:41 19:11:41 init_compile-build: 19:11:41 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:41 19:11:41 compile_src_openspcoop2: 19:11:41 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:41 [echo] **************************************** 19:11:41 [echo] **** DEBUG MODE ON ***** 19:11:41 [echo] **************************************** 19:11:41 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:41 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/security] 19:11:41 [javac] Compiling 40 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:42 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-security_RELEASE.jar 19:11:42 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:44 19:11:44 init_compile-build: 19:11:44 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:44 19:11:44 compile_src_openspcoop2: 19:11:44 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:44 [echo] **************************************** 19:11:44 [echo] **** DEBUG MODE ON ***** 19:11:44 [echo] **************************************** 19:11:44 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:44 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/pdf] 19:11:44 [javac] Compiling 11 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:45 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-pdf_RELEASE.jar 19:11:45 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:47 19:11:47 init_compile-build: 19:11:47 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:47 19:11:47 compile_src_openspcoop2: 19:11:47 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:47 [echo] **************************************** 19:11:47 [echo] **** DEBUG MODE ON ***** 19:11:47 [echo] **************************************** 19:11:47 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:47 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/wsdl] 19:11:47 [javac] Compiling 3 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:48 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-wsdl_RELEASE.jar 19:11:48 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:50 19:11:50 init_compile-build: 19:11:50 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:50 19:11:50 compile_src_openspcoop2: 19:11:50 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:50 [echo] **************************************** 19:11:50 [echo] **** DEBUG MODE ON ***** 19:11:50 [echo] **************************************** 19:11:50 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:50 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/rest] 19:11:50 [javac] Compiling 54 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:51 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-rest_RELEASE.jar 19:11:51 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:53 19:11:53 init_compile-build: 19:11:53 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:53 19:11:53 compile_src_openspcoop2: 19:11:53 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:53 [echo] **************************************** 19:11:53 [echo] **** DEBUG MODE ON ***** 19:11:53 [echo] **************************************** 19:11:53 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:53 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/wadl] 19:11:53 [javac] Compiling 14 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:54 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-wadl_RELEASE.jar 19:11:54 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:56 19:11:56 init_compile-build: 19:11:56 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:56 19:11:56 compile_src_openspcoop2: 19:11:56 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:11:56 [echo] **************************************** 19:11:56 [echo] **** DEBUG MODE ON ***** 19:11:56 [echo] **************************************** 19:11:56 [echo] Raccolta informazioni git per inserimento in manifest... 19:11:56 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/openapi] 19:11:56 [javac] Compiling 27 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:11:57 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-openapi_RELEASE.jar 19:11:57 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:00 19:12:00 init_compile-build: 19:12:00 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:00 19:12:00 compile_src_openspcoop2: 19:12:00 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:12:00 [echo] **************************************** 19:12:00 [echo] **** DEBUG MODE ON ***** 19:12:00 [echo] **************************************** 19:12:00 [echo] Raccolta informazioni git per inserimento in manifest... 19:12:00 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/xacml] 19:12:00 [javac] Compiling 8 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:01 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-xacml_RELEASE.jar 19:12:01 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:03 19:12:03 init_compile-build: 19:12:03 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:03 19:12:03 compile_src_openspcoop2: 19:12:03 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:12:03 [echo] **************************************** 19:12:03 [echo] **** DEBUG MODE ON ***** 19:12:03 [echo] **************************************** 19:12:03 [echo] Raccolta informazioni git per inserimento in manifest... 19:12:03 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/mail] 19:12:03 [javac] Compiling 10 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:03 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-mail_RELEASE.jar 19:12:03 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:06 19:12:06 init_compile-build: 19:12:06 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:06 19:12:06 compile_src_openspcoop2: 19:12:06 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:12:06 [echo] **************************************** 19:12:06 [echo] **** DEBUG MODE ON ***** 19:12:06 [echo] **************************************** 19:12:06 [echo] Raccolta informazioni git per inserimento in manifest... 19:12:06 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/datasource] 19:12:06 [javac] Compiling 7 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:06 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-datasource_RELEASE.jar 19:12:06 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:08 19:12:08 init_compile-build: 19:12:08 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:08 19:12:08 compile_src_openspcoop2: 19:12:08 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:12:08 [echo] **************************************** 19:12:08 [echo] **** DEBUG MODE ON ***** 19:12:08 [echo] **************************************** 19:12:08 [echo] Raccolta informazioni git per inserimento in manifest... 19:12:08 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/sonde] 19:12:08 [javac] Compiling 8 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:09 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-sonde_RELEASE.jar 19:12:09 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:11 19:12:11 init_compile-build: 19:12:11 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:11 19:12:11 compile_src_openspcoop2: 19:12:11 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:12:11 [echo] **************************************** 19:12:11 [echo] **** DEBUG MODE ON ***** 19:12:11 [echo] **************************************** 19:12:11 [echo] Raccolta informazioni git per inserimento in manifest... 19:12:11 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/semaphore] 19:12:11 [javac] Compiling 10 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:11 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-semaphore_RELEASE.jar 19:12:11 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:14 19:12:14 init_compile-build: 19:12:14 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:14 19:12:14 compile_src_openspcoop2: 19:12:14 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:12:14 [echo] **************************************** 19:12:14 [echo] **** DEBUG MODE ON ***** 19:12:14 [echo] **************************************** 19:12:14 [echo] Raccolta informazioni git per inserimento in manifest... 19:12:14 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/threads] 19:12:14 [javac] Compiling 8 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:14 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-threads_RELEASE.jar 19:12:14 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:16 19:12:16 jar_2_jar_openspcoop2: 19:12:16 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:12:16 [echo] Raccolta informazioni git per inserimento in manifest... 19:12:16 [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 19:12:17 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_utils_RELEASE.jar 19:12:19 19:12:19 compile_api_openspcoop2: 19:12:19 19:12:19 checkgit: 19:12:22 19:12:22 init_compile-build: 19:12:22 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:22 19:12:22 compile_src_openspcoop2: 19:12:22 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:12:22 [echo] **************************************** 19:12:22 [echo] **** DEBUG MODE ON ***** 19:12:22 [echo] **************************************** 19:12:22 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/utils-test 19:12:22 [echo] Raccolta informazioni git per inserimento in manifest... 19:12:22 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/test] 19:12:22 [javac] Compiling 64 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:23 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils-test/openspcoop2_utils-test_RELEASE.jar 19:12:23 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:26 19:12:26 jar_2_jar_openspcoop2: 19:12:26 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:12:26 [echo] Raccolta informazioni git per inserimento in manifest... 19:12:26 [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 19:12:26 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_utils-test_RELEASE.jar 19:12:28 19:12:28 compile_api_openspcoop2: 19:12:28 19:12:28 compile_openspcoop2_genericProject: 19:12:28 19:12:28 checkgit: 19:12:30 19:12:30 init_compile-build: 19:12:30 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:30 19:12:30 compile_src_openspcoop2: 19:12:30 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:12:30 [echo] **************************************** 19:12:30 [echo] **** DEBUG MODE ON ***** 19:12:30 [echo] **************************************** 19:12:30 [echo] Raccolta informazioni git per inserimento in manifest... 19:12:31 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/generic_project/src/] 19:12:31 [javac] Compiling 211 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:32 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_generic-project_RELEASE.jar 19:12:32 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:35 19:12:35 compile_api_openspcoop2: 19:12:35 19:12:35 compile_genericProject: 19:12:37 19:12:37 init_compile: 19:12:37 19:12:37 compile_openspcoop2_schemi: 19:12:37 19:12:37 checkgit: 19:12:39 19:12:39 init_compile-build: 19:12:39 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:39 19:12:39 build_jar_schema: 19:12:39 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:12:39 [echo] **************************************** 19:12:39 [echo] **** DEBUG MODE ON ***** 19:12:39 [echo] **************************************** 19:12:39 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/schemi 19:12:39 [echo] Raccolta informazioni git per inserimento in manifest... 19:12:40 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/schemi/openspcoop2_schemi-xsd-openspcoop2_RELEASE.jar 19:12:42 19:12:42 init_compile-build: 19:12:42 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:42 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:42 19:12:42 build_jar_schema: 19:12:42 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:12:42 [echo] **************************************** 19:12:42 [echo] **** DEBUG MODE ON ***** 19:12:42 [echo] **************************************** 19:12:42 [echo] Raccolta informazioni git per inserimento in manifest... 19:12:42 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/schemi/openspcoop2_schemi-xsd-standard_RELEASE.jar 19:12:45 19:12:45 jar_2_jar_openspcoop2: 19:12:45 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:12:45 [echo] Raccolta informazioni git per inserimento in manifest... 19:12:45 [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 19:12:45 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_schemi-xsd_RELEASE.jar 19:12:45 19:12:45 compile_openspcoop2_message: 19:12:45 19:12:45 checkgit: 19:12:47 19:12:47 init_compile-build: 19:12:47 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:47 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:47 19:12:47 compile_src_openspcoop2: 19:12:47 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:12:47 [echo] **************************************** 19:12:47 [echo] **** DEBUG MODE ON ***** 19:12:47 [echo] **************************************** 19:12:47 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/message 19:12:47 [echo] Raccolta informazioni git per inserimento in manifest... 19:12:48 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/message/context] 19:12:48 [javac] anomalous package-info.java path: package-info.java 19:12:48 [javac] Compiling 42 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:49 [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/message/openspcoop2_message-context_RELEASE.jar 19:12:49 [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:51 19:12:51 init_compile-build: 19:12:51 [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:51 19:12:51 compile_src_openspcoop2: 19:12:51 [echo] Java home: /opt/openjdk-11.0.12_7/ 19:12:51 [echo] **************************************** 19:12:51 [echo] **** DEBUG MODE ON ***** 19:12:51 [echo] **************************************** 19:12:51 [echo] Raccolta informazioni git per inserimento in manifest... 19:12:51 [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/message] 19:12:51 [javac] Compiling 110 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 19:12:52 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/message/soap/SoapUtils.java:64: error: package org.openspcoop2.pdd.core.dynamic does not exist 19:12:52 import org.openspcoop2.pdd.core.dynamic.DynamicException; 19:12:52 ^ 19:12:52 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/message/soap/SoapUtils.java:387: error: cannot find symbol 19:12:52 public static void addSWAStartParameterIfNotPresent(OpenSPCoop2Message message) throws DynamicException { 19:12:52 ^ 19:12:52 symbol: class DynamicException 19:12:52 location: class SoapUtils 19:12:52 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/message/soap/SoapUtils.java:390: error: cannot find symbol 19:12:52 public static void addSWAStartParameterIfNotPresent(OpenSPCoop2Message message, boolean addOnlyIfExistsContentIdRootPart) throws DynamicException { 19:12:52 ^ 19:12:52 symbol: class DynamicException 19:12:52 location: class SoapUtils 19:12:52 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/message/soap/SoapUtils.java:393: error: cannot find symbol 19:12:52 public static void addSWAStartParameterIfNotPresent(OpenSPCoop2Message message, boolean addOnlyIfExistsContentIdRootPart, boolean forceAddStartParameter) throws DynamicException { 19:12:52 ^ 19:12:52 symbol: class DynamicException 19:12:52 location: class SoapUtils 19:12:52 4 errors 19:12:52 [INFO] ------------------------------------------------------------------------ 19:12:52 [INFO] Reactor Summary for govway 1.0: 19:12:52 [INFO] 19:12:52 [INFO] govway ............................................. SUCCESS [ 0.003 s] 19:12:52 [INFO] dependencies ....................................... SUCCESS [ 0.002 s] 19:12:52 [INFO] dependencies.ant ................................... SUCCESS [ 1.398 s] 19:12:52 [INFO] dependencies.antinstaller .......................... SUCCESS [ 0.033 s] 19:12:52 [INFO] dependencies.axiom ................................. SUCCESS [ 0.019 s] 19:12:52 [INFO] dependencies.bean-validation ....................... SUCCESS [ 0.078 s] 19:12:52 [INFO] dependencies.cxf ................................... SUCCESS [ 0.284 s] 19:12:52 [INFO] dependencies.commons ............................... SUCCESS [ 0.161 s] 19:12:52 [INFO] dependencies.faces ................................. SUCCESS [ 0.055 s] 19:12:52 [INFO] dependencies.git ................................... SUCCESS [ 0.019 s] 19:12:52 [INFO] dependencies.httpcore .............................. SUCCESS [ 0.051 s] 19:12:52 [INFO] dependencies.jackson ............................... SUCCESS [ 0.063 s] 19:12:52 [INFO] dependencies.javax ................................. SUCCESS [ 0.043 s] 19:12:52 [INFO] dependencies.jax ................................... SUCCESS [ 0.115 s] 19:12:52 [INFO] dependencies.jetty ................................. SUCCESS [ 0.043 s] 19:12:52 [INFO] dependencies.jminix ................................ SUCCESS [ 0.013 s] 19:12:52 [INFO] dependencies.json .................................. SUCCESS [ 0.038 s] 19:12:52 [INFO] dependencies.log ................................... SUCCESS [ 0.040 s] 19:12:52 [INFO] dependencies.lucene ................................ SUCCESS [ 0.019 s] 19:12:52 [INFO] dependencies.swagger ............................... SUCCESS [ 0.011 s] 19:12:52 [INFO] dependencies.opensaml .............................. SUCCESS [ 0.056 s] 19:12:52 [INFO] dependencies.pdf ................................... SUCCESS [ 0.024 s] 19:12:52 [INFO] dependencies.redis ................................. SUCCESS [ 0.052 s] 19:12:52 [INFO] dependencies.reports ............................... SUCCESS [ 0.037 s] 19:12:52 [INFO] dependencies.saaj .................................. SUCCESS [ 0.013 s] 19:12:52 [INFO] dependencies.security .............................. SUCCESS [ 0.033 s] 19:12:52 [INFO] dependencies.shared ................................ SUCCESS [ 0.131 s] 19:12:52 [INFO] dependencies.soapbox ............................... SUCCESS [ 0.013 s] 19:12:52 [INFO] dependencies.spring ................................ SUCCESS [ 0.024 s] 19:12:52 [INFO] dependencies.spring-ldap ........................... SUCCESS [ 0.008 s] 19:12:52 [INFO] dependencies.spring-security ....................... SUCCESS [ 0.014 s] 19:12:52 [INFO] dependencies.swagger ............................... SUCCESS [ 0.040 s] 19:12:52 [INFO] dependencies.wadl .................................. SUCCESS [ 0.010 s] 19:12:52 [INFO] dependencies.wss4j ................................. SUCCESS [ 0.020 s] 19:12:52 [INFO] dependencies.testsuite ............................. SUCCESS [ 0.000 s] 19:12:52 [INFO] dependencies.testsuite.axis14 ...................... SUCCESS [ 0.021 s] 19:12:52 [INFO] dependencies.testsuite.as .......................... SUCCESS [ 0.001 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly8 ................. SUCCESS [ 0.005 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly9 ................. SUCCESS [ 0.005 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly10 ................ SUCCESS [ 0.004 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly11 ................ SUCCESS [ 0.005 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly12 ................ SUCCESS [ 0.008 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly13 ................ SUCCESS [ 0.005 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly14 ................ SUCCESS [ 0.047 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly15 ................ SUCCESS [ 0.006 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly16 ................ SUCCESS [ 0.005 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly17 ................ SUCCESS [ 0.005 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly18 ................ SUCCESS [ 0.005 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly19 ................ SUCCESS [ 0.005 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly20 ................ SUCCESS [ 0.005 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly21 ................ SUCCESS [ 0.004 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly22 ................ SUCCESS [ 0.005 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly23 ................ SUCCESS [ 0.004 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly24 ................ SUCCESS [ 0.005 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly25 ................ SUCCESS [ 0.004 s] 19:12:52 [INFO] dependencies.testsuite.as.wildfly26 ................ SUCCESS [ 0.005 s] 19:12:52 [INFO] dependencies.testsuite.as.tomcat9 .................. SUCCESS [ 0.005 s] 19:12:52 [INFO] dependencies.testsuite.test ........................ SUCCESS [ 0.049 s] 19:12:52 [INFO] dependencies.testsuite.staticAnalysis .............. SUCCESS [ 0.012 s] 19:12:52 [INFO] dependencies.testsuite.dynamicAnalysis ............. SUCCESS [ 0.006 s] 19:12:52 [INFO] dependencies.testsuite.coverage .................... SUCCESS [ 0.019 s] 19:12:52 [INFO] compile ............................................ FAILURE [03:13 min] 19:12:52 [INFO] package ............................................ SKIPPED 19:12:52 [INFO] testsuite.utils .................................... SKIPPED 19:12:52 [INFO] testsuite.utils.sql ................................ SKIPPED 19:12:52 [INFO] testsuite.pdd.core ................................. SKIPPED 19:12:52 [INFO] testsuite.pdd.core.sql ............................. SKIPPED 19:12:52 [INFO] static_analysis.spotbugs ........................... SKIPPED 19:12:52 [INFO] static_analysis.sonarqube .......................... SKIPPED 19:12:52 [INFO] dynamic_analysis.zap ............................... SKIPPED 19:12:52 [INFO] coverage.jacoco .................................... SKIPPED 19:12:52 [INFO] ------------------------------------------------------------------------ 19:12:52 [INFO] BUILD FAILURE 19:12:52 [INFO] ------------------------------------------------------------------------ 19:12:52 [INFO] Total time: 03:17 min 19:12:52 [INFO] Finished at: 2024-11-15T19:12:52+01:00 19:12:52 [INFO] ------------------------------------------------------------------------ 19:12:52 [ERROR] Failed to execute goal org.apache.maven.plugins:maven-antrun-plugin:1.8:run (default) on project org.openspcoop2.compile: An Ant BuildException has occured: The following error occurred while executing this line: 19:12:52 [ERROR] /var/lib/jenkins/workspace/GovWay/build.xml:358: The following error occurred while executing this line: 19:12:52 [ERROR] /var/lib/jenkins/workspace/GovWay/core/ant/openspcoop2-message-build.xml:64: The following error occurred while executing this line: 19:12:52 [ERROR] /var/lib/jenkins/workspace/GovWay/ant/commons/compile-build.xml:149: Compile failed; see the compiler error output for details. 19:12:52 [ERROR] around Ant part ...<ant useNativeBasedir="true" antfile="../../build.xml">... @ 5:58 in /var/lib/jenkins/workspace/GovWay/mvn/compile/target/antrun/build-main.xml 19:12:52 [ERROR] -> [Help 1] 19:12:52 [ERROR] 19:12:52 [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. 19:12:52 [ERROR] Re-run Maven using the -X switch to enable full debug logging. 19:12:52 [ERROR] 19:12:52 [ERROR] For more information about the errors and possible solutions, please read the following articles: 19:12:52 [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException 19:12:52 [ERROR] 19:12:52 [ERROR] After correcting the problems, you can resume the build with the command 19:12:52 [ERROR] mvn <args> -rf :org.openspcoop2.compile 19:12:52 Build step 'Conditional steps (multiple)' marked build as failure 19:12:52 INFO: Processing JUnit 19:12:52 INFO: [JUnit] - 2 test report file(s) were found with the pattern 'tools/rs/*/server/testsuite/risultati-testsuite/TEST-*.xml' relative to '/var/lib/jenkins/workspace/GovWay' for the testing framework 'JUnit'. 19:12:52 ERROR: Step ‘Publish xUnit test result report’ failed: Test reports were found but not all of them are new. Did all the tests run? 19:12:52 * /var/lib/jenkins/workspace/GovWay/tools/rs/config/server/testsuite/risultati-testsuite/TEST-org.openspcoop2.core.config.rs.testsuite.ApiConfigTestSuite.xml is 1 day 17 hr old 19:12:52 * /var/lib/jenkins/workspace/GovWay/tools/rs/monitor/server/testsuite/risultati-testsuite/TEST-org.openspcoop2.core.monitor.rs.testsuite.ApiMonitorTestSuite.xml is 1 day 17 hr old 19:12:52 19:12:52 TestNG Reports Processing: START 19:12:52 Looking for TestNG results report in workspace using pattern: **/testng-results.xml 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 testng-results.xml was last modified before this build started. Ignoring it. 19:12:53 Saving reports... 19:12:53 Found matching files but did not find any TestNG results. 19:12:53 Collecting Dependency-Check artifact 19:12:53 Parsing file /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.xml 19:12:53 [SpotBugsZed Attack Proxy (ZAP)] Skipping execution of recorder since overall result is 'FAILURE' 19:12:53 Started calculate disk usage of build 19:12:53 Finished Calculation of disk usage of build in 0 seconds 19:12:53 Started calculate disk usage of workspace 19:12:54 Finished Calculation of disk usage of workspace in 0 seconds 19:12:54 Finished: FAILURE