16:57:21 Started by GitHub push by andreapoli 16:57:21 Running as SYSTEM 16:57:21 Building in workspace /var/lib/jenkins/workspace/GovWay 16:57:21 [WS-CLEANUP] Clean-up disabled, skipping workspace deletion. 16:57:21 The recommended git tool is: NONE 16:57:21 No credentials specified 16:57:21 Cloning the remote Git repository 16:57:21 Cloning repository https://github.com/link-it/govway.git 16:57:21 > /usr/bin/git init /var/lib/jenkins/workspace/GovWay # timeout=10 16:57:21 Fetching upstream changes from https://github.com/link-it/govway.git 16:57:21 > /usr/bin/git --version # timeout=10 16:57:21 > git --version # 'git version 2.23.1' 16:57:21 > /usr/bin/git fetch --tags --force --progress -- https://github.com/link-it/govway.git +refs/heads/*:refs/remotes/origin/* # timeout=10 16:58:15 > /usr/bin/git config remote.origin.url https://github.com/link-it/govway.git # timeout=10 16:58:15 > /usr/bin/git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10 16:58:15 Avoid second fetch 16:58:15 > /usr/bin/git rev-parse origin/master^{commit} # timeout=10 16:58:15 Checking out Revision 616594db50c9280fd26a295568c27087674ee2b9 (origin/master) 16:58:15 > /usr/bin/git config core.sparsecheckout # timeout=10 16:58:15 > /usr/bin/git checkout -f 616594db50c9280fd26a295568c27087674ee2b9 # timeout=10 16:58:18 Commit message: "[GovWayCore] Corretto errore di compilazione dell'installer" 16:58:18 > /usr/bin/git rev-list --no-walk 7c79f4d4afbf948641091d8af825d3804533bd36 # timeout=10 16:58:18 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 16:58:18 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 16:58:18 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 16:58:18 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 16:58:18 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 16:58:18 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 16:58:18 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 16:58:18 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 16:58:18 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 16:58:18 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 16:58:18 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 16:58:18 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 16:58:18 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 16:58:18 [GovWay] $ /bin/bash /tmp/jenkins12698066827575472859.sh 16:58:18 ============================= 16:58:18 General Info 16:58:18 Workspace: /var/lib/jenkins/workspace/GovWay 16:58:18 Build: true 16:58:18 Deploy: true 16:58:18 Test: true 16:58:18 Test Integrazione: true 16:58:18 ============================= 16:58:18 16:58:18 ============================= 16:58:18 Environment Info 16:58:18 HOME: /var/lib/jenkins 16:58:18 ANT_OPTS: -Xmx512m -XX:MaxMetaspaceSize=700m -XX:+UseG1GC 16:58:18 MAVEN_OPTS: 16:58:18 SOFTHSM2_CONF: /home/ec2-user/lib/softhsm/softhsm2.conf 16:58:18 SONAR_SCANNER_OPTS: 16:58:18 ============================= 16:58:18 16:58:18 ============================= 16:58:18 Java 16:58:18 openjdk version "11.0.12" 2021-07-20 16:58:18 OpenJDK Runtime Environment 18.9 (build 11.0.12+7) 16:58:18 OpenJDK 64-Bit Server VM 18.9 (build 11.0.12+7, mixed mode) 16:58:18 ============================= 16:58:18 16:58:18 ============================= 16:58:18 Git Info 16:58:18 Url: https://github.com/link-it/govway.git 16:58:18 branch: origin/master 16:58:18 commit: 616594db50c9280fd26a295568c27087674ee2b9 16:58:18 previuos commit: 7c79f4d4afbf948641091d8af825d3804533bd36 16:58:18 previuos successful commit: aec62fd962fb51074e89d6bfff1ad7f9b954f1a0 16:58:18 commit message: [GovWayCore] 16:58:18 Corretto errore di compilazione dell'installer 16:58:18 ============================= 16:58:18 16:58:18 ============================= 16:58:18 NODEjs Info 16:58:18 v18.17.1 16:58:18 { 16:58:18 npm: '9.6.7', 16:58:18 node: '18.17.1', 16:58:18 acorn: '8.8.2', 16:58:18 ada: '2.5.0', 16:58:18 ares: '1.19.1', 16:58:18 brotli: '1.0.9', 16:58:18 cldr: '43.0', 16:58:18 icu: '73.1', 16:58:18 llhttp: '6.0.11', 16:58:18 modules: '108', 16:58:18 napi: '9', 16:58:18 nghttp2: '1.52.0', 16:58:18 nghttp3: '0.7.0', 16:58:18 ngtcp2: '0.8.1', 16:58:18 openssl: '3.0.10+quic', 16:58:18 simdutf: '3.2.12', 16:58:18 tz: '2023c', 16:58:18 undici: '5.22.1', 16:58:18 unicode: '15.0', 16:58:18 uv: '1.44.2', 16:58:18 uvwasi: '0.0.18', 16:58:18 v8: '10.2.154.26-node.26', 16:58:18 zlib: '1.2.13.1-motley' 16:58:18 } 16:58:18 ============================= 16:58:18 16:58:18 ============================= 16:58:18 OWASP ZAP Info 'ZAP_2.15.0' 16:58:18 Associo diritti di esecuzione agli script zap ... 16:58:18 Associati diritti di esecuzione agli script zap 16:58:18 Update ... 16:58:18 Execute: /opt/openjdk-11.0.12_7//bin/java -classpath /opt/zaproxy/ZAP_2.15.0/*:/opt/zaproxy/ZAP_2.15.0/lib/* org.zaproxy.zap.ZAP -cmd -addonupdate -port 8280 -host 127.0.0.1 16:58:20 Defaulting ZAP install dir to /opt/zaproxy/ZAP_2.15.0 16:58:31 Add-on update check complete 16:58:37 Update effettuato 16:58:37 ============================= 16:58:37 16:58:37 16:58:37 16:58:37 Fermo application server ... 16:58:37 Tomcat is not running 16:58:37 Fermo application server effettuato 16:58:37 Ripulisco log application server ... 16:58:37 Ripulisco log application server effettuato 16:58:37 Predispongo dir testsuite ... 16:58:37 Predispongo dir testsuite ok 16:58:37 Ripulisco output jacoco ... 16:58:37 Ripulisco output jacoco effettuato 16:58:37 Fermo sonarqube ... 16:58:37 16:58:37 Gracefully stopping SonarQube... 16:58:37 SonarQube was not running. 16:58:37 Fermo sonarqube effettuato 16:58:37 Verifico che il workspace non esista ... 16:58:37 Workspace correttamente re-inizializzato 16:58:37 [Boolean condition] checking [true] against [^(1|y|yes|t|true|on|run)$] (origin token: ${GOVWAY_BUILD}) 16:58:37 Run condition [Boolean condition] enabling perform for step [BuilderChain] 16:58:37 [GovWay] $ /bin/sh -xe /tmp/jenkins15287348641696288446.sh 16:58:37 + perl -pi -e s/log4bash.appender=ColorConsoleAppender/log4bash.appender=ConsoleAppender/g /var/lib/jenkins/workspace/GovWay/distrib/log4bash.properties 16:58:37 + sed -i -e 's#<module>swagger-codegen</module>#<!-- <module>swagger-codegen</module> -->#g' /var/lib/jenkins/workspace/GovWay/mvn/dependencies/pom.xml 16:58:37 + sed -i -e s#UPDATE_DOC=true#UPDATE_DOC=false#g /var/lib/jenkins/workspace/GovWay/distrib/distrib.sh 16:58:37 + sed -i -e s#DB_VERSION=postgresql,mysql,oracle,hsql,sqlserver,db2#DB_VERSION=postgresql,mysql,oracle,hsql,sqlserver#g /var/lib/jenkins/workspace/GovWay/ant/setup/prepare-build.properties 16:58:37 + sed -i -e 's#<dependencies.soapbox>false</dependencies.soapbox>#<dependencies.soapbox>true</dependencies.soapbox>#g' /var/lib/jenkins/workspace/GovWay/pom.xml 16:58:37 [GovWay] $ /opt/apache-maven-3.6.3/bin/mvn initialize 16:58:39 [INFO] Scanning for projects... 16:58:39 [INFO] ------------------------------------------------------------------------ 16:58:39 [INFO] Reactor Build Order: 16:58:39 [INFO] 16:58:39 [INFO] govway [pom] 16:58:39 [INFO] dependencies [pom] 16:58:39 [INFO] dependencies.ant [pom] 16:58:39 [INFO] dependencies.antinstaller [pom] 16:58:39 [INFO] dependencies.axiom [pom] 16:58:39 [INFO] dependencies.bean-validation [pom] 16:58:39 [INFO] dependencies.cxf [pom] 16:58:39 [INFO] dependencies.commons [pom] 16:58:39 [INFO] dependencies.faces [pom] 16:58:39 [INFO] dependencies.git [pom] 16:58:39 [INFO] dependencies.httpcore [pom] 16:58:39 [INFO] dependencies.jackson [pom] 16:58:39 [INFO] dependencies.javax [pom] 16:58:39 [INFO] dependencies.jax [pom] 16:58:39 [INFO] dependencies.jetty [pom] 16:58:39 [INFO] dependencies.jminix [pom] 16:58:39 [INFO] dependencies.json [pom] 16:58:39 [INFO] dependencies.log [pom] 16:58:39 [INFO] dependencies.lucene [pom] 16:58:39 [INFO] dependencies.openapi4j [pom] 16:58:39 [INFO] dependencies.opensaml [pom] 16:58:39 [INFO] dependencies.pdf [pom] 16:58:39 [INFO] dependencies.redis [pom] 16:58:39 [INFO] dependencies.reports [pom] 16:58:39 [INFO] dependencies.saaj [pom] 16:58:39 [INFO] dependencies.security [pom] 16:58:39 [INFO] dependencies.shared [pom] 16:58:39 [INFO] dependencies.spring [pom] 16:58:39 [INFO] dependencies.spring-ldap [pom] 16:58:39 [INFO] dependencies.spring-security [pom] 16:58:39 [INFO] dependencies.swagger [pom] 16:58:39 [INFO] dependencies.wadl [pom] 16:58:39 [INFO] dependencies.wss4j [pom] 16:58:39 [INFO] dependencies.testsuite [pom] 16:58:39 [INFO] dependencies.testsuite.axis14 [pom] 16:58:39 [INFO] dependencies.testsuite.as [pom] 16:58:39 [INFO] dependencies.testsuite.as.wildfly9 [pom] 16:58:39 [INFO] dependencies.testsuite.as.wildfly10 [pom] 16:58:39 [INFO] dependencies.testsuite.as.wildfly11 [pom] 16:58:39 [INFO] dependencies.testsuite.as.wildfly12 [pom] 16:58:39 [INFO] dependencies.testsuite.as.wildfly13 [pom] 16:58:39 [INFO] dependencies.testsuite.as.wildfly14 [pom] 16:58:39 [INFO] dependencies.testsuite.as.wildfly15 [pom] 16:58:39 [INFO] dependencies.testsuite.as.wildfly16 [pom] 16:58:39 [INFO] dependencies.testsuite.as.wildfly17 [pom] 16:58:39 [INFO] dependencies.testsuite.as.wildfly18 [pom] 16:58:39 [INFO] dependencies.testsuite.as.wildfly19 [pom] 16:58:39 [INFO] dependencies.testsuite.as.wildfly20 [pom] 16:58:39 [INFO] dependencies.testsuite.as.wildfly21 [pom] 16:58:39 [INFO] dependencies.testsuite.as.wildfly22 [pom] 16:58:39 [INFO] dependencies.testsuite.as.wildfly23 [pom] 16:58:39 [INFO] dependencies.testsuite.as.wildfly24 [pom] 16:58:39 [INFO] dependencies.testsuite.as.wildfly25 [pom] 16:58:39 [INFO] dependencies.testsuite.as.wildfly26 [pom] 16:58:39 [INFO] dependencies.testsuite.as.tomcat9 [pom] 16:58:39 [INFO] dependencies.testsuite.test [pom] 16:58:39 [INFO] dependencies.testsuite.staticAnalysis [pom] 16:58:39 [INFO] dependencies.testsuite.dynamicAnalysis [pom] 16:58:39 [INFO] dependencies.testsuite.coverage [pom] 16:58:39 [INFO] compile [pom] 16:58:39 [INFO] package [pom] 16:58:39 [INFO] testsuite.utils [pom] 16:58:39 [INFO] testsuite.utils.sql [pom] 16:58:39 [INFO] testsuite.pdd.core [pom] 16:58:39 [INFO] testsuite.pdd.core.sql [pom] 16:58:39 [INFO] static_analysis.spotbugs [pom] 16:58:39 [INFO] static_analysis.sonarqube [pom] 16:58:39 [INFO] dynamic_analysis.zap [pom] 16:58:39 [INFO] coverage.jacoco [pom] 16:58:39 [INFO] 16:58:39 [INFO] ------------------< org.openspcoop2:org.openspcoop2 >------------------- 16:58:39 [INFO] Building govway 1.0 [1/69] 16:58:39 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:39 [INFO] 16:58:39 [INFO] ------------< org.openspcoop2:org.openspcoop2.dependencies >------------ 16:58:39 [INFO] Building dependencies 1.0 [2/69] 16:58:39 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:39 [INFO] 16:58:39 [INFO] ----------------< org.openspcoop2:org.openspcoop2.ant >----------------- 16:58:39 [INFO] Building dependencies.ant 1.0 [3/69] 16:58:39 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:40 [INFO] 16:58:40 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.ant --- 16:58:40 [INFO] 16:58:40 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.ant --- 16:58:41 [INFO] 16:58:41 [INFO] ------------< org.openspcoop2:org.openspcoop2.antinstaller >------------ 16:58:41 [INFO] Building dependencies.antinstaller 1.0 [4/69] 16:58:41 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:41 [INFO] 16:58:41 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.antinstaller --- 16:58:41 [INFO] 16:58:41 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.antinstaller --- 16:58:41 [INFO] 16:58:41 [INFO] ---------------< org.openspcoop2:org.openspcoop2.axiom >---------------- 16:58:41 [INFO] Building dependencies.axiom 1.0 [5/69] 16:58:41 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:41 [INFO] 16:58:41 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.axiom --- 16:58:41 [INFO] 16:58:41 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.axiom --- 16:58:41 [INFO] 16:58:41 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.axiom --- 16:58:41 [INFO] Executing tasks 16:58:41 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-api-1.2.13.jar 16:58:41 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-dom-1.2.13.jar 16:58:41 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-impl-1.2.13.jar 16:58:41 [INFO] Executed tasks 16:58:41 [INFO] 16:58:41 [INFO] ----------< org.openspcoop2:org.openspcoop2.bean-validation >----------- 16:58:41 [INFO] Building dependencies.bean-validation 1.0 [6/69] 16:58:41 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.bean-validation --- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.bean-validation --- 16:58:42 [INFO] 16:58:42 [INFO] ----------------< org.openspcoop2:org.openspcoop2.cxf >----------------- 16:58:42 [INFO] Building dependencies.cxf 1.0 [7/69] 16:58:42 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.cxf --- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.cxf --- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.cxf --- 16:58:42 [INFO] Executing tasks 16:58:42 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-core-3.6.4.jar 16:58:42 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-3.6.4.jar 16:58:42 [INFO] Executed tasks 16:58:42 [INFO] 16:58:42 [INFO] --------------< org.openspcoop2:org.openspcoop2.commons >--------------- 16:58:42 [INFO] Building dependencies.commons 1.0 [8/69] 16:58:42 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.commons --- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.commons --- 16:58:42 [INFO] 16:58:42 [INFO] ---------------< org.openspcoop2:org.openspcoop2.faces >---------------- 16:58:42 [INFO] Building dependencies.faces 1.0 [9/69] 16:58:42 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.faces --- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.faces --- 16:58:42 [INFO] 16:58:42 [INFO] ----------------< org.openspcoop2:org.openspcoop2.git >----------------- 16:58:42 [INFO] Building dependencies.git 1.0 [10/69] 16:58:42 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.git --- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.git --- 16:58:42 [INFO] 16:58:42 [INFO] --------------< org.openspcoop2:org.openspcoop2.httpcore >-------------- 16:58:42 [INFO] Building dependencies.httpcore 1.0 [11/69] 16:58:42 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.httpcore --- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.httpcore --- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.httpcore --- 16:58:42 [INFO] Executing tasks 16:58:42 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpcore-ab-4.4.15.jar 16:58:42 [INFO] Executed tasks 16:58:42 [INFO] 16:58:42 [INFO] --------------< org.openspcoop2:org.openspcoop2.jackson >--------------- 16:58:42 [INFO] Building dependencies.jackson 1.0 [12/69] 16:58:42 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jackson --- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jackson --- 16:58:42 [INFO] 16:58:42 [INFO] ---------------< org.openspcoop2:org.openspcoop2.javax >---------------- 16:58:42 [INFO] Building dependencies.javax 1.0 [13/69] 16:58:42 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.javax --- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.javax --- 16:58:42 [INFO] 16:58:42 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jax >----------------- 16:58:42 [INFO] Building dependencies.jax 1.0 [14/69] 16:58:42 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jax --- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jax --- 16:58:42 [INFO] 16:58:42 [INFO] --- copy-rename-maven-plugin:1.0:rename (rename-file) @ org.openspcoop2.jax --- 16:58:42 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/jax/jsr181-api-1.0-MR1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxws-jsr181-api-2.3.1.jar 16:58:42 [INFO] 16:58:42 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.jax --- 16:58:42 [INFO] Executing tasks 16:58:42 [INFO] Executed tasks 16:58:42 [INFO] 16:58:42 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jetty >---------------- 16:58:42 [INFO] Building dependencies.jetty 1.0 [15/69] 16:58:42 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jetty --- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jetty --- 16:58:42 [INFO] 16:58:42 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jminix >--------------- 16:58:42 [INFO] Building dependencies.jminix 1.0 [16/69] 16:58:42 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jminix --- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jminix --- 16:58:42 [INFO] 16:58:42 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.jminix --- 16:58:43 [INFO] Executing tasks 16:58:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/jminix/jminix-1.2.0.jar 16:58:43 [INFO] Executed tasks 16:58:43 [INFO] 16:58:43 [INFO] ----------------< org.openspcoop2:org.openspcoop2.json >---------------- 16:58:43 [INFO] Building dependencies.json 1.0 [17/69] 16:58:43 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.json --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.json --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.json --- 16:58:43 [INFO] Executing tasks 16:58:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-path-2.9.0.jar 16:58:43 [INFO] Executed tasks 16:58:43 [INFO] 16:58:43 [INFO] --- copy-rename-maven-plugin:1.0:rename (rename-file) @ org.openspcoop2.json --- 16:58:43 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.0.73.jar to /var/lib/jenkins/workspace/GovWay/lib/json/networknt_json-schema-validator-1.0.73.jar 16:58:43 [INFO] 16:58:43 [INFO] ----------------< org.openspcoop2:org.openspcoop2.log >----------------- 16:58:43 [INFO] Building dependencies.log 1.0 [18/69] 16:58:43 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.log --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.log --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.log --- 16:58:43 [INFO] Executing tasks 16:58:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/log/slf4j-api-2.0.16.jar 16:58:43 [INFO] Executed tasks 16:58:43 [INFO] 16:58:43 [INFO] ---------------< org.openspcoop2:org.openspcoop2.lucene >--------------- 16:58:43 [INFO] Building dependencies.lucene 1.0 [19/69] 16:58:43 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.lucene --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.lucene --- 16:58:43 [INFO] 16:58:43 [INFO] -------------< org.openspcoop2:org.openspcoop2.openapi4j >-------------- 16:58:43 [INFO] Building dependencies.openapi4j 1.0 [20/69] 16:58:43 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.openapi4j --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.openapi4j --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.openapi4j --- 16:58:43 [INFO] Executing tasks 16:58:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-core-1.0.7.jar 16:58:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-parser-1.0.7.jar 16:58:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-schema-validator-1.0.7.jar 16:58:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-operation-validator-1.0.7.jar 16:58:43 [INFO] Executed tasks 16:58:43 [INFO] 16:58:43 [INFO] --------------< org.openspcoop2:org.openspcoop2.opensaml >-------------- 16:58:43 [INFO] Building dependencies.opensaml 1.0 [21/69] 16:58:43 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.opensaml --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.opensaml --- 16:58:43 [INFO] 16:58:43 [INFO] ----------------< org.openspcoop2:org.openspcoop2.pdf >----------------- 16:58:43 [INFO] Building dependencies.pdf 1.0 [22/69] 16:58:43 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.pdf --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.pdf --- 16:58:43 [INFO] 16:58:43 [INFO] ---------------< org.openspcoop2:org.openspcoop2.redis >---------------- 16:58:43 [INFO] Building dependencies.redis 1.0 [23/69] 16:58:43 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.redis --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.redis --- 16:58:43 [INFO] 16:58:43 [INFO] --------------< org.openspcoop2:org.openspcoop2.reports >--------------- 16:58:43 [INFO] Building dependencies.reports 1.0 [24/69] 16:58:43 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.reports --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.reports --- 16:58:43 [INFO] 16:58:43 [INFO] ----------------< org.openspcoop2:org.openspcoop2.saaj >---------------- 16:58:43 [INFO] Building dependencies.saaj 1.0 [25/69] 16:58:43 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.saaj --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.saaj --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.saaj --- 16:58:43 [INFO] Executing tasks 16:58:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/saaj/saaj-impl-1.5.3.jar 16:58:43 [INFO] Executed tasks 16:58:43 [INFO] 16:58:43 [INFO] --------------< org.openspcoop2:org.openspcoop2.security >-------------- 16:58:43 [INFO] Building dependencies.security 1.0 [26/69] 16:58:43 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.security --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.security --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.security --- 16:58:43 [INFO] Executing tasks 16:58:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/security/xmlsec-2.3.4.jar 16:58:43 [INFO] Executed tasks 16:58:43 [INFO] 16:58:43 [INFO] ---------------< org.openspcoop2:org.openspcoop2.shared >--------------- 16:58:43 [INFO] Building dependencies.shared 1.0 [27/69] 16:58:43 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.shared --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.shared --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.shared --- 16:58:43 [INFO] Executing tasks 16:58:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/commons-jcs3-core-3.1.jar 16:58:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/Saxon-HE-11.4.jar 16:58:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/snakeyaml-1.33.jar 16:58:43 [INFO] Executed tasks 16:58:43 [INFO] 16:58:43 [INFO] ---------------< org.openspcoop2:org.openspcoop2.spring >--------------- 16:58:43 [INFO] Building dependencies.spring 1.0 [28/69] 16:58:43 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.spring --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.spring --- 16:58:43 [INFO] Executing tasks 16:58:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-beans-5.3.39.jar 16:58:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-context-5.3.39.jar 16:58:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-context-support-5.3.39.jar 16:58:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-core-5.3.39.jar 16:58:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-expression-5.3.39.jar 16:58:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-web-5.3.39.jar 16:58:43 [INFO] Executed tasks 16:58:43 [INFO] 16:58:43 [INFO] ------------< org.openspcoop2:org.openspcoop2.spring-ldap >------------- 16:58:43 [INFO] Building dependencies.spring-ldap 1.0 [29/69] 16:58:43 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.spring-ldap --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-ldap --- 16:58:43 [INFO] 16:58:43 [INFO] ----------< org.openspcoop2:org.openspcoop2.spring-security >----------- 16:58:43 [INFO] Building dependencies.spring-security 1.0 [30/69] 16:58:43 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.spring-security --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-security --- 16:58:43 [INFO] 16:58:43 [INFO] --------------< org.openspcoop2:org.openspcoop2.swagger >--------------- 16:58:43 [INFO] Building dependencies.swagger 1.0 [31/69] 16:58:43 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.swagger --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.swagger --- 16:58:43 [INFO] 16:58:43 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.swagger --- 16:58:44 [INFO] Executing tasks 16:58:44 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-v3-2.1.6.jar 16:58:44 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-request-validator-core-2.30.0.jar 16:58:44 [INFO] Executed tasks 16:58:44 [INFO] 16:58:44 [INFO] ----------------< org.openspcoop2:org.openspcoop2.wadl >---------------- 16:58:44 [INFO] Building dependencies.wadl 1.0 [32/69] 16:58:44 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.wadl --- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wadl --- 16:58:44 [INFO] 16:58:44 [INFO] ---------------< org.openspcoop2:org.openspcoop2.wss4j >---------------- 16:58:44 [INFO] Building dependencies.wss4j 1.0 [33/69] 16:58:44 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.wss4j --- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wss4j --- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.wss4j --- 16:58:44 [INFO] Executing tasks 16:58:44 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-common-2.4.1.jar 16:58:44 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-dom-2.4.1.jar 16:58:44 [INFO] Executed tasks 16:58:44 [INFO] 16:58:44 [INFO] -------------< org.openspcoop2:org.openspcoop2.testsuite >-------------- 16:58:44 [INFO] Building dependencies.testsuite 1.0 [34/69] 16:58:44 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:44 [INFO] 16:58:44 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.axis14 >---------- 16:58:44 [INFO] Building dependencies.testsuite.axis14 1.0 [35/69] 16:58:44 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.axis14 --- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.axis14 --- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.axis14 --- 16:58:44 [INFO] Executing tasks 16:58:44 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-1.4.jar 16:58:44 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-jaxrpc-1.4.jar 16:58:44 [INFO] Executed tasks 16:58:44 [INFO] 16:58:44 [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.applicationServer >----- 16:58:44 [INFO] Building dependencies.testsuite.as 1.0 [36/69] 16:58:44 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:44 [INFO] 16:58:44 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly9 >-- 16:58:44 [INFO] Building dependencies.testsuite.as.wildfly9 1.0 [37/69] 16:58:44 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 16:58:44 [INFO] 16:58:44 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly10 >-- 16:58:44 [INFO] Building dependencies.testsuite.as.wildfly10 1.0 [38/69] 16:58:44 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 16:58:44 [INFO] 16:58:44 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly11 >-- 16:58:44 [INFO] Building dependencies.testsuite.as.wildfly11 1.0 [39/69] 16:58:44 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly11 --- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly11 --- 16:58:44 [INFO] 16:58:44 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly12 >-- 16:58:44 [INFO] Building dependencies.testsuite.as.wildfly12 1.0 [40/69] 16:58:44 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly12 --- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly12 --- 16:58:44 [INFO] 16:58:44 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly13 >-- 16:58:44 [INFO] Building dependencies.testsuite.as.wildfly13 1.0 [41/69] 16:58:44 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly13 --- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly13 --- 16:58:44 [INFO] 16:58:44 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly14 >-- 16:58:44 [INFO] Building dependencies.testsuite.as.wildfly14 1.0 [42/69] 16:58:44 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly14 --- 16:58:44 [INFO] 16:58:44 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly14 --- 16:58:45 [INFO] 16:58:45 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly15 >-- 16:58:45 [INFO] Building dependencies.testsuite.as.wildfly15 1.0 [43/69] 16:58:45 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:45 [INFO] 16:58:45 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly15 --- 16:58:45 [INFO] 16:58:45 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly15 --- 16:58:45 [INFO] 16:58:45 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly16 >-- 16:58:45 [INFO] Building dependencies.testsuite.as.wildfly16 1.0 [44/69] 16:58:45 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:45 [INFO] 16:58:45 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly16 --- 16:58:45 [INFO] 16:58:45 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly16 --- 16:58:45 [INFO] 16:58:45 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly17 >-- 16:58:45 [INFO] Building dependencies.testsuite.as.wildfly17 1.0 [45/69] 16:58:45 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:45 [INFO] 16:58:45 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly17 --- 16:58:45 [INFO] 16:58:45 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly17 --- 16:58:45 [INFO] 16:58:45 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly18 >-- 16:58:45 [INFO] Building dependencies.testsuite.as.wildfly18 1.0 [46/69] 16:58:45 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:45 [INFO] 16:58:45 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly18 --- 16:58:45 [INFO] 16:58:45 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly18 --- 16:58:45 [INFO] 16:58:45 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly19 >-- 16:58:45 [INFO] Building dependencies.testsuite.as.wildfly19 1.0 [47/69] 16:58:45 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:45 [INFO] 16:58:45 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly19 --- 16:58:45 [INFO] 16:58:45 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly19 --- 16:58:45 [INFO] 16:58:45 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly20 >-- 16:58:45 [INFO] Building dependencies.testsuite.as.wildfly20 1.0 [48/69] 16:58:45 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:45 [INFO] 16:58:45 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly20 --- 16:58:45 [INFO] 16:58:45 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly20 --- 16:58:46 [INFO] 16:58:46 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly21 >-- 16:58:46 [INFO] Building dependencies.testsuite.as.wildfly21 1.0 [49/69] 16:58:46 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:46 [INFO] 16:58:46 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly21 --- 16:58:46 [INFO] 16:58:46 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly21 --- 16:58:46 [INFO] 16:58:46 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly22 >-- 16:58:46 [INFO] Building dependencies.testsuite.as.wildfly22 1.0 [50/69] 16:58:46 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:46 [INFO] 16:58:46 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly22 --- 16:58:46 [INFO] 16:58:46 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly22 --- 16:58:46 [INFO] 16:58:46 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly23 >-- 16:58:46 [INFO] Building dependencies.testsuite.as.wildfly23 1.0 [51/69] 16:58:46 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:46 [INFO] 16:58:46 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly23 --- 16:58:46 [INFO] 16:58:46 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly23 --- 16:58:46 [INFO] 16:58:46 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly24 >-- 16:58:46 [INFO] Building dependencies.testsuite.as.wildfly24 1.0 [52/69] 16:58:46 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:46 [INFO] 16:58:46 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly24 --- 16:58:46 [INFO] 16:58:46 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly24 --- 16:58:46 [INFO] 16:58:46 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly25 >-- 16:58:46 [INFO] Building dependencies.testsuite.as.wildfly25 1.0 [53/69] 16:58:46 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:46 [INFO] 16:58:46 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly25 --- 16:58:46 [INFO] 16:58:46 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly25 --- 16:58:46 [INFO] 16:58:46 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly26 >-- 16:58:46 [INFO] Building dependencies.testsuite.as.wildfly26 1.0 [54/69] 16:58:46 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:46 [INFO] 16:58:46 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly26 --- 16:58:46 [INFO] 16:58:46 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly26 --- 16:58:47 [INFO] 16:58:47 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat9 >-- 16:58:47 [INFO] Building dependencies.testsuite.as.tomcat9 1.0 [55/69] 16:58:47 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:47 [INFO] 16:58:47 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat9 --- 16:58:47 [INFO] 16:58:47 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat9 --- 16:58:47 [INFO] 16:58:47 [INFO] -----------< org.openspcoop2:org.openspcoop2.testsuite.test >----------- 16:58:47 [INFO] Building dependencies.testsuite.test 1.0 [56/69] 16:58:47 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:47 [INFO] 16:58:47 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test --- 16:58:47 [INFO] 16:58:47 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test --- 16:58:47 [INFO] 16:58:47 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.test --- 16:58:47 [INFO] Executing tasks 16:58:47 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/testsuite/apacheds-all-2.0.0.AM27.jar 16:58:47 [INFO] Executed tasks 16:58:47 [INFO] 16:58:47 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.staticAnalysis >------ 16:58:47 [INFO] Building dependencies.testsuite.staticAnalysis 1.0 [57/69] 16:58:47 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:47 [INFO] 16:58:47 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.staticAnalysis --- 16:58:47 [INFO] 16:58:47 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.staticAnalysis --- 16:58:47 [INFO] 16:58:47 [INFO] -----< org.openspcoop2:org.openspcoop2.testsuite.dynamicAnalysis >------ 16:58:47 [INFO] Building dependencies.testsuite.dynamicAnalysis 1.0 [58/69] 16:58:47 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:47 [INFO] 16:58:47 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.dynamicAnalysis --- 16:58:47 [INFO] 16:58:47 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.dynamicAnalysis --- 16:58:47 [INFO] 16:58:47 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.coverage >--------- 16:58:47 [INFO] Building dependencies.testsuite.coverage 1.0 [59/69] 16:58:47 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:47 [INFO] 16:58:47 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.coverage --- 16:58:47 [INFO] 16:58:47 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.coverage --- 16:58:47 [INFO] 16:58:47 [INFO] --------------< org.openspcoop2:org.openspcoop2.compile >--------------- 16:58:47 [INFO] Building compile 1.0 [60/69] 16:58:47 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:47 [INFO] 16:58:47 [INFO] --------------< org.openspcoop2:org.openspcoop2.package >--------------- 16:58:47 [INFO] Building package 1.0 [61/69] 16:58:47 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:47 [INFO] 16:58:47 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.utils >----------- 16:58:47 [INFO] Building testsuite.utils 1.0 [62/69] 16:58:47 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:47 [INFO] 16:58:47 [INFO] --------< org.openspcoop2:org.openspcoop2.testsuite.utils.sql >--------- 16:58:47 [INFO] Building testsuite.utils.sql 1.0 [63/69] 16:58:47 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:47 [INFO] 16:58:47 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core >--------- 16:58:47 [INFO] Building testsuite.pdd.core 1.0 [64/69] 16:58:47 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:47 [INFO] 16:58:47 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core.sql >------- 16:58:47 [INFO] Building testsuite.pdd.core.sql 1.0 [65/69] 16:58:47 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:47 [INFO] 16:58:47 [INFO] ------< org.openspcoop2:org.openspcoop2.static_analysis.spotbugs >------ 16:58:47 [INFO] Building static_analysis.spotbugs 1.0 [66/69] 16:58:47 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:47 [INFO] 16:58:47 [INFO] -----< org.openspcoop2:org.openspcoop2.static_analysis.sonarqube >------ 16:58:47 [INFO] Building static_analysis.sonarqube 1.0 [67/69] 16:58:47 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:47 [INFO] 16:58:47 [INFO] --------< org.openspcoop2:org.openspcoop2.dynamic_analysis.zap >-------- 16:58:47 [INFO] Building dynamic_analysis.zap 1.0 [68/69] 16:58:47 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:47 [INFO] 16:58:47 [INFO] ----------< org.openspcoop2:org.openspcoop2.coverage.jacoco >----------- 16:58:47 [INFO] Building coverage.jacoco 1.0 [69/69] 16:58:47 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:47 [INFO] ------------------------------------------------------------------------ 16:58:47 [INFO] Reactor Summary for govway 1.0: 16:58:47 [INFO] 16:58:47 [INFO] govway ............................................. SUCCESS [ 0.003 s] 16:58:47 [INFO] dependencies ....................................... SUCCESS [ 0.001 s] 16:58:47 [INFO] dependencies.ant ................................... SUCCESS [ 1.472 s] 16:58:47 [INFO] dependencies.antinstaller .......................... SUCCESS [ 0.075 s] 16:58:47 [INFO] dependencies.axiom ................................. SUCCESS [ 0.436 s] 16:58:47 [INFO] dependencies.bean-validation ....................... SUCCESS [ 0.059 s] 16:58:47 [INFO] dependencies.cxf ................................... SUCCESS [ 0.313 s] 16:58:47 [INFO] dependencies.commons ............................... SUCCESS [ 0.123 s] 16:58:47 [INFO] dependencies.faces ................................. SUCCESS [ 0.074 s] 16:58:47 [INFO] dependencies.git ................................... SUCCESS [ 0.016 s] 16:58:47 [INFO] dependencies.httpcore .............................. SUCCESS [ 0.102 s] 16:58:47 [INFO] dependencies.jackson ............................... SUCCESS [ 0.054 s] 16:58:47 [INFO] dependencies.javax ................................. SUCCESS [ 0.037 s] 16:58:47 [INFO] dependencies.jax ................................... SUCCESS [ 0.160 s] 16:58:47 [INFO] dependencies.jetty ................................. SUCCESS [ 0.039 s] 16:58:47 [INFO] dependencies.jminix ................................ SUCCESS [ 0.061 s] 16:58:47 [INFO] dependencies.json .................................. SUCCESS [ 0.097 s] 16:58:47 [INFO] dependencies.log ................................... SUCCESS [ 0.094 s] 16:58:47 [INFO] dependencies.lucene ................................ SUCCESS [ 0.015 s] 16:58:47 [INFO] dependencies.openapi4j ............................. SUCCESS [ 0.058 s] 16:58:47 [INFO] dependencies.opensaml .............................. SUCCESS [ 0.076 s] 16:58:47 [INFO] dependencies.pdf ................................... SUCCESS [ 0.027 s] 16:58:47 [INFO] dependencies.redis ................................. SUCCESS [ 0.075 s] 16:58:47 [INFO] dependencies.reports ............................... SUCCESS [ 0.039 s] 16:58:47 [INFO] dependencies.saaj .................................. SUCCESS [ 0.113 s] 16:58:47 [INFO] dependencies.security .............................. SUCCESS [ 0.076 s] 16:58:47 [INFO] dependencies.shared ................................ SUCCESS [ 0.166 s] 16:58:47 [INFO] dependencies.spring ................................ SUCCESS [ 0.082 s] 16:58:47 [INFO] dependencies.spring-ldap ........................... SUCCESS [ 0.013 s] 16:58:47 [INFO] dependencies.spring-security ....................... SUCCESS [ 0.013 s] 16:58:47 [INFO] dependencies.swagger ............................... SUCCESS [ 0.074 s] 16:58:47 [INFO] dependencies.wadl .................................. SUCCESS [ 0.010 s] 16:58:47 [INFO] dependencies.wss4j ................................. SUCCESS [ 0.054 s] 16:58:47 [INFO] dependencies.testsuite ............................. SUCCESS [ 0.001 s] 16:58:47 [INFO] dependencies.testsuite.axis14 ...................... SUCCESS [ 0.055 s] 16:58:47 [INFO] dependencies.testsuite.as .......................... SUCCESS [ 0.001 s] 16:58:47 [INFO] dependencies.testsuite.as.wildfly9 ................. SUCCESS [ 0.072 s] 16:58:47 [INFO] dependencies.testsuite.as.wildfly10 ................ SUCCESS [ 0.094 s] 16:58:47 [INFO] dependencies.testsuite.as.wildfly11 ................ SUCCESS [ 0.211 s] 16:58:47 [INFO] dependencies.testsuite.as.wildfly12 ................ SUCCESS [ 0.196 s] 16:58:47 [INFO] dependencies.testsuite.as.wildfly13 ................ SUCCESS [ 0.204 s] 16:58:47 [INFO] dependencies.testsuite.as.wildfly14 ................ SUCCESS [ 0.206 s] 16:58:47 [INFO] dependencies.testsuite.as.wildfly15 ................ SUCCESS [ 0.152 s] 16:58:47 [INFO] dependencies.testsuite.as.wildfly16 ................ SUCCESS [ 0.141 s] 16:58:47 [INFO] dependencies.testsuite.as.wildfly17 ................ SUCCESS [ 0.135 s] 16:58:47 [INFO] dependencies.testsuite.as.wildfly18 ................ SUCCESS [ 0.186 s] 16:58:47 [INFO] dependencies.testsuite.as.wildfly19 ................ SUCCESS [ 0.176 s] 16:58:47 [INFO] dependencies.testsuite.as.wildfly20 ................ SUCCESS [ 0.162 s] 16:58:47 [INFO] dependencies.testsuite.as.wildfly21 ................ SUCCESS [ 0.177 s] 16:58:47 [INFO] dependencies.testsuite.as.wildfly22 ................ SUCCESS [ 0.145 s] 16:58:47 [INFO] dependencies.testsuite.as.wildfly23 ................ SUCCESS [ 0.149 s] 16:58:47 [INFO] dependencies.testsuite.as.wildfly24 ................ SUCCESS [ 0.155 s] 16:58:47 [INFO] dependencies.testsuite.as.wildfly25 ................ SUCCESS [ 0.205 s] 16:58:47 [INFO] dependencies.testsuite.as.wildfly26 ................ SUCCESS [ 0.300 s] 16:58:47 [INFO] dependencies.testsuite.as.tomcat9 .................. SUCCESS [ 0.041 s] 16:58:47 [INFO] dependencies.testsuite.test ........................ SUCCESS [ 0.118 s] 16:58:47 [INFO] dependencies.testsuite.staticAnalysis .............. SUCCESS [ 0.012 s] 16:58:47 [INFO] dependencies.testsuite.dynamicAnalysis ............. SUCCESS [ 0.007 s] 16:58:47 [INFO] dependencies.testsuite.coverage .................... SUCCESS [ 0.079 s] 16:58:47 [INFO] compile ............................................ SUCCESS [ 0.001 s] 16:58:47 [INFO] package ............................................ SUCCESS [ 0.000 s] 16:58:47 [INFO] testsuite.utils .................................... SUCCESS [ 0.001 s] 16:58:47 [INFO] testsuite.utils.sql ................................ SUCCESS [ 0.000 s] 16:58:47 [INFO] testsuite.pdd.core ................................. SUCCESS [ 0.001 s] 16:58:47 [INFO] testsuite.pdd.core.sql ............................. SUCCESS [ 0.000 s] 16:58:47 [INFO] static_analysis.spotbugs ........................... SUCCESS [ 0.001 s] 16:58:47 [INFO] static_analysis.sonarqube .......................... SUCCESS [ 0.001 s] 16:58:47 [INFO] dynamic_analysis.zap ............................... SUCCESS [ 0.000 s] 16:58:47 [INFO] coverage.jacoco .................................... SUCCESS [ 0.001 s] 16:58:47 [INFO] ------------------------------------------------------------------------ 16:58:47 [INFO] BUILD SUCCESS 16:58:47 [INFO] ------------------------------------------------------------------------ 16:58:47 [INFO] Total time: 7.975 s 16:58:47 [INFO] Finished at: 2025-01-08T16:58:47+01:00 16:58:47 [INFO] ------------------------------------------------------------------------ 16:58:47 [GovWay] $ /opt/apache-maven-3.6.3/bin/mvn -Dpackage=none -Dcompile=none -Dowasp=verify -Dtestsuite=none -DnvdApiKey=f8281fbf-3d81-4e4a-9f03-ab68856b336d -Dowasp.plugin.failBuildOnAnyVulnerability=false verify 16:58:49 [INFO] Scanning for projects... 16:58:49 [INFO] ------------------------------------------------------------------------ 16:58:49 [INFO] Reactor Build Order: 16:58:49 [INFO] 16:58:49 [INFO] govway [pom] 16:58:49 [INFO] dependencies [pom] 16:58:49 [INFO] dependencies.ant [pom] 16:58:49 [INFO] dependencies.antinstaller [pom] 16:58:49 [INFO] dependencies.axiom [pom] 16:58:49 [INFO] dependencies.bean-validation [pom] 16:58:49 [INFO] dependencies.cxf [pom] 16:58:49 [INFO] dependencies.commons [pom] 16:58:49 [INFO] dependencies.faces [pom] 16:58:49 [INFO] dependencies.git [pom] 16:58:49 [INFO] dependencies.httpcore [pom] 16:58:49 [INFO] dependencies.jackson [pom] 16:58:49 [INFO] dependencies.javax [pom] 16:58:49 [INFO] dependencies.jax [pom] 16:58:49 [INFO] dependencies.jetty [pom] 16:58:49 [INFO] dependencies.jminix [pom] 16:58:49 [INFO] dependencies.json [pom] 16:58:49 [INFO] dependencies.log [pom] 16:58:49 [INFO] dependencies.lucene [pom] 16:58:49 [INFO] dependencies.openapi4j [pom] 16:58:49 [INFO] dependencies.opensaml [pom] 16:58:49 [INFO] dependencies.pdf [pom] 16:58:49 [INFO] dependencies.redis [pom] 16:58:49 [INFO] dependencies.reports [pom] 16:58:49 [INFO] dependencies.saaj [pom] 16:58:49 [INFO] dependencies.security [pom] 16:58:49 [INFO] dependencies.shared [pom] 16:58:49 [INFO] dependencies.spring [pom] 16:58:49 [INFO] dependencies.spring-ldap [pom] 16:58:49 [INFO] dependencies.spring-security [pom] 16:58:49 [INFO] dependencies.swagger [pom] 16:58:49 [INFO] dependencies.wadl [pom] 16:58:49 [INFO] dependencies.wss4j [pom] 16:58:49 [INFO] dependencies.testsuite [pom] 16:58:49 [INFO] dependencies.testsuite.axis14 [pom] 16:58:49 [INFO] dependencies.testsuite.as [pom] 16:58:49 [INFO] dependencies.testsuite.as.wildfly9 [pom] 16:58:49 [INFO] dependencies.testsuite.as.wildfly10 [pom] 16:58:49 [INFO] dependencies.testsuite.as.wildfly11 [pom] 16:58:49 [INFO] dependencies.testsuite.as.wildfly12 [pom] 16:58:49 [INFO] dependencies.testsuite.as.wildfly13 [pom] 16:58:49 [INFO] dependencies.testsuite.as.wildfly14 [pom] 16:58:49 [INFO] dependencies.testsuite.as.wildfly15 [pom] 16:58:49 [INFO] dependencies.testsuite.as.wildfly16 [pom] 16:58:49 [INFO] dependencies.testsuite.as.wildfly17 [pom] 16:58:49 [INFO] dependencies.testsuite.as.wildfly18 [pom] 16:58:49 [INFO] dependencies.testsuite.as.wildfly19 [pom] 16:58:49 [INFO] dependencies.testsuite.as.wildfly20 [pom] 16:58:49 [INFO] dependencies.testsuite.as.wildfly21 [pom] 16:58:49 [INFO] dependencies.testsuite.as.wildfly22 [pom] 16:58:49 [INFO] dependencies.testsuite.as.wildfly23 [pom] 16:58:49 [INFO] dependencies.testsuite.as.wildfly24 [pom] 16:58:49 [INFO] dependencies.testsuite.as.wildfly25 [pom] 16:58:49 [INFO] dependencies.testsuite.as.wildfly26 [pom] 16:58:49 [INFO] dependencies.testsuite.as.tomcat9 [pom] 16:58:49 [INFO] dependencies.testsuite.test [pom] 16:58:49 [INFO] dependencies.testsuite.staticAnalysis [pom] 16:58:49 [INFO] dependencies.testsuite.dynamicAnalysis [pom] 16:58:49 [INFO] dependencies.testsuite.coverage [pom] 16:58:49 [INFO] compile [pom] 16:58:49 [INFO] package [pom] 16:58:49 [INFO] testsuite.utils [pom] 16:58:49 [INFO] testsuite.utils.sql [pom] 16:58:49 [INFO] testsuite.pdd.core [pom] 16:58:49 [INFO] testsuite.pdd.core.sql [pom] 16:58:49 [INFO] static_analysis.spotbugs [pom] 16:58:49 [INFO] static_analysis.sonarqube [pom] 16:58:49 [INFO] dynamic_analysis.zap [pom] 16:58:49 [INFO] coverage.jacoco [pom] 16:58:49 [INFO] 16:58:49 [INFO] ------------------< org.openspcoop2:org.openspcoop2 >------------------- 16:58:49 [INFO] Building govway 1.0 [1/69] 16:58:49 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:49 [INFO] 16:58:49 [INFO] ------------< org.openspcoop2:org.openspcoop2.dependencies >------------ 16:58:49 [INFO] Building dependencies 1.0 [2/69] 16:58:49 [INFO] --------------------------------[ pom ]--------------------------------- 16:58:50 [INFO] 16:58:50 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.dependencies --- 16:58:50 [INFO] Executing tasks 16:58:55 [INFO] Executed tasks 16:58:57 [INFO] 16:58:57 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.dependencies --- 16:59:04 [INFO] Checking for updates 16:59:04 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 16:59:04 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 16:59:04 [INFO] Check for updates complete (527 ms) 16:59:04 [INFO] 16:59:04 16:59:04 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 16:59:04 16:59:04 16:59:04 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 16:59:04 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 16:59:04 16:59:04 💖 Sponsor: https://github.com/sponsors/jeremylong 16:59:04 16:59:04 16:59:04 [INFO] Analysis Started 16:59:08 [INFO] Finished Archive Analyzer (3 seconds) 16:59:08 [INFO] Finished File Name Analyzer (0 seconds) 16:59:11 [INFO] Finished Jar Analyzer (3 seconds) 16:59:11 [INFO] Finished Dependency Merging Analyzer (0 seconds) 16:59:11 [INFO] Finished Hint Analyzer (0 seconds) 16:59:11 [INFO] Finished Version Filter Analyzer (0 seconds) 16:59:15 [INFO] Created CPE Index (3 seconds) 16:59:24 [INFO] Finished CPE Analyzer (12 seconds) 16:59:24 [INFO] Finished False Positive Analyzer (0 seconds) 16:59:24 [INFO] Finished NVD CVE Analyzer (0 seconds) 16:59:42 [INFO] Finished RetireJS Analyzer (18 seconds) 16:59:43 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 16:59:43 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 16:59:43 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 16:59:44 [INFO] Finished Dependency Bundling Analyzer (1 seconds) 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 16:59:44 16:59:44 16:59:44 ## Recommendation 16:59:44 16:59:44 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 16:59:44 16:59:44 The following template can be used to demonstrate the vulnerability: 16:59:44 ```{{#with "constructor"}} 16:59:44 {{#with split as |a|}} 16:59:44 {{pop (push "alert('Vulnerable Handlebars JS');")}} 16:59:44 {{#with (concat (lookup join (slice 0 1)))}} 16:59:44 {{#each (slice 2 3)}} 16:59:44 {{#with (apply 0 a)}} 16:59:44 {{.}} 16:59:44 {{/with}} 16:59:44 {{/each}} 16:59:44 {{/with}} 16:59:44 {{/with}} 16:59:44 {{/with}}``` 16:59:44 16:59:44 16:59:44 ## Recommendation 16:59:44 16:59:44 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 16:59:44 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 16:59:44 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 16:59:45 [INFO] Analysis Complete (40 seconds) 16:59:45 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.xml 16:59:46 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.html 16:59:47 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.json 16:59:47 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.csv 16:59:47 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.sarif 16:59:48 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-jenkins.html 16:59:48 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-junit.xml 16:59:48 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-gitlab.json 16:59:48 [INFO] 16:59:48 [INFO] ----------------< org.openspcoop2:org.openspcoop2.ant >----------------- 16:59:48 [INFO] Building dependencies.ant 1.0 [3/69] 16:59:48 [INFO] --------------------------------[ pom ]--------------------------------- 16:59:48 [INFO] 16:59:48 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.ant --- 16:59:48 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/ant (includes = [*.jar], excludes = []) 16:59:48 [INFO] 16:59:48 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.ant --- 16:59:48 [INFO] 16:59:48 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.ant --- 16:59:49 [INFO] Executing tasks 16:59:54 [INFO] Executed tasks 16:59:54 [INFO] 16:59:54 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.ant --- 16:59:54 [INFO] Checking for updates 16:59:54 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 16:59:54 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 16:59:54 [INFO] Check for updates complete (95 ms) 16:59:54 [INFO] 16:59:54 16:59:54 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 16:59:54 16:59:54 16:59:54 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 16:59:54 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 16:59:54 16:59:54 💖 Sponsor: https://github.com/sponsors/jeremylong 16:59:54 16:59:54 16:59:54 [INFO] Analysis Started 16:59:54 [INFO] Finished Archive Analyzer (0 seconds) 16:59:54 [INFO] Finished File Name Analyzer (0 seconds) 16:59:54 [INFO] Finished Jar Analyzer (0 seconds) 16:59:54 [INFO] Finished Dependency Merging Analyzer (0 seconds) 16:59:54 [INFO] Finished Hint Analyzer (0 seconds) 16:59:54 [INFO] Finished Version Filter Analyzer (0 seconds) 16:59:56 [INFO] Created CPE Index (1 seconds) 16:59:56 [INFO] Finished CPE Analyzer (1 seconds) 16:59:56 [INFO] Finished False Positive Analyzer (0 seconds) 16:59:56 [INFO] Finished NVD CVE Analyzer (0 seconds) 16:59:56 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 16:59:56 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 16:59:56 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 16:59:56 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 16:59:56 16:59:56 16:59:56 ## Recommendation 16:59:56 16:59:56 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 16:59:56 16:59:56 The following template can be used to demonstrate the vulnerability: 16:59:56 ```{{#with "constructor"}} 16:59:56 {{#with split as |a|}} 16:59:56 {{pop (push "alert('Vulnerable Handlebars JS');")}} 16:59:56 {{#with (concat (lookup join (slice 0 1)))}} 16:59:56 {{#each (slice 2 3)}} 16:59:56 {{#with (apply 0 a)}} 16:59:56 {{.}} 16:59:56 {{/with}} 16:59:56 {{/each}} 16:59:56 {{/with}} 16:59:56 {{/with}} 16:59:56 {{/with}}``` 16:59:56 16:59:56 16:59:56 ## Recommendation 16:59:56 16:59:56 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 16:59:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 16:59:56 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 16:59:56 [INFO] Analysis Complete (1 seconds) 16:59:56 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 16:59:56 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 16:59:56 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 16:59:56 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 16:59:56 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 16:59:56 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 16:59:56 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 16:59:56 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 16:59:56 [INFO] 16:59:56 [INFO] ------------< org.openspcoop2:org.openspcoop2.antinstaller >------------ 16:59:56 [INFO] Building dependencies.antinstaller 1.0 [4/69] 16:59:56 [INFO] --------------------------------[ pom ]--------------------------------- 16:59:56 [INFO] 16:59:56 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.antinstaller --- 16:59:56 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/antinstaller (includes = [*.jar], excludes = []) 16:59:56 [INFO] 16:59:56 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.antinstaller --- 16:59:56 [INFO] 16:59:56 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.antinstaller --- 16:59:56 [INFO] Executing tasks 17:00:01 [INFO] Executed tasks 17:00:01 [INFO] 17:00:01 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.antinstaller --- 17:00:02 [INFO] Checking for updates 17:00:02 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:00:02 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:00:02 [INFO] Check for updates complete (85 ms) 17:00:02 [INFO] 17:00:02 17:00:02 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:00:02 17:00:02 17:00:02 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:00:02 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:00:02 17:00:02 💖 Sponsor: https://github.com/sponsors/jeremylong 17:00:02 17:00:02 17:00:02 [INFO] Analysis Started 17:00:02 [INFO] Finished Archive Analyzer (0 seconds) 17:00:02 [INFO] Finished File Name Analyzer (0 seconds) 17:00:02 [INFO] Finished Jar Analyzer (0 seconds) 17:00:02 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:00:02 [INFO] Finished Hint Analyzer (0 seconds) 17:00:02 [INFO] Finished Version Filter Analyzer (0 seconds) 17:00:04 [INFO] Created CPE Index (1 seconds) 17:00:04 [INFO] Finished CPE Analyzer (1 seconds) 17:00:04 [INFO] Finished False Positive Analyzer (0 seconds) 17:00:04 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:00:04 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:00:04 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:00:04 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:00:04 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:00:04 17:00:04 17:00:04 ## Recommendation 17:00:04 17:00:04 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:00:04 17:00:04 The following template can be used to demonstrate the vulnerability: 17:00:04 ```{{#with "constructor"}} 17:00:04 {{#with split as |a|}} 17:00:04 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:00:04 {{#with (concat (lookup join (slice 0 1)))}} 17:00:04 {{#each (slice 2 3)}} 17:00:04 {{#with (apply 0 a)}} 17:00:04 {{.}} 17:00:04 {{/with}} 17:00:04 {{/each}} 17:00:04 {{/with}} 17:00:04 {{/with}} 17:00:04 {{/with}}``` 17:00:04 17:00:04 17:00:04 ## Recommendation 17:00:04 17:00:04 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:00:04 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:00:04 [INFO] Analysis Complete (2 seconds) 17:00:04 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:00:04 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:00:04 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:00:04 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:00:04 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:00:04 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:00:04 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:00:04 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:00:05 [INFO] 17:00:05 [INFO] ---------------< org.openspcoop2:org.openspcoop2.axiom >---------------- 17:00:05 [INFO] Building dependencies.axiom 1.0 [5/69] 17:00:05 [INFO] --------------------------------[ pom ]--------------------------------- 17:00:05 [INFO] 17:00:05 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.axiom --- 17:00:05 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/axiom (includes = [*.jar], excludes = []) 17:00:05 [INFO] 17:00:05 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.axiom --- 17:00:05 [INFO] 17:00:05 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.axiom --- 17:00:05 [INFO] Executing tasks 17:00:05 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-api-1.2.13.jar 17:00:05 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-dom-1.2.13.jar 17:00:05 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-impl-1.2.13.jar 17:00:05 [INFO] Executed tasks 17:00:05 [INFO] 17:00:05 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.axiom --- 17:00:05 [INFO] Executing tasks 17:00:10 [INFO] Executed tasks 17:00:10 [INFO] 17:00:10 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.axiom --- 17:00:10 [INFO] Checking for updates 17:00:10 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:00:10 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:00:10 [INFO] Check for updates complete (78 ms) 17:00:10 [INFO] 17:00:10 17:00:10 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:00:10 17:00:10 17:00:10 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:00:10 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:00:10 17:00:10 💖 Sponsor: https://github.com/sponsors/jeremylong 17:00:10 17:00:10 17:00:10 [INFO] Analysis Started 17:00:10 [INFO] Finished Archive Analyzer (0 seconds) 17:00:10 [INFO] Finished File Name Analyzer (0 seconds) 17:00:10 [INFO] Finished Jar Analyzer (0 seconds) 17:00:10 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:00:10 [INFO] Finished Hint Analyzer (0 seconds) 17:00:10 [INFO] Finished Version Filter Analyzer (0 seconds) 17:00:12 [INFO] Created CPE Index (1 seconds) 17:00:12 [INFO] Finished CPE Analyzer (2 seconds) 17:00:12 [INFO] Finished False Positive Analyzer (0 seconds) 17:00:12 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:00:12 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:00:12 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:00:12 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:00:12 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:00:12 17:00:12 17:00:12 ## Recommendation 17:00:12 17:00:12 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:00:12 17:00:12 The following template can be used to demonstrate the vulnerability: 17:00:12 ```{{#with "constructor"}} 17:00:12 {{#with split as |a|}} 17:00:12 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:00:12 {{#with (concat (lookup join (slice 0 1)))}} 17:00:12 {{#each (slice 2 3)}} 17:00:12 {{#with (apply 0 a)}} 17:00:12 {{.}} 17:00:12 {{/with}} 17:00:12 {{/each}} 17:00:12 {{/with}} 17:00:12 {{/with}} 17:00:12 {{/with}}``` 17:00:12 17:00:12 17:00:12 ## Recommendation 17:00:12 17:00:12 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:00:12 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:00:12 [INFO] Analysis Complete (2 seconds) 17:00:12 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:00:12 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:00:12 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:00:12 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:00:12 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:00:12 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:00:12 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:00:13 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:00:13 [INFO] 17:00:13 [INFO] ----------< org.openspcoop2:org.openspcoop2.bean-validation >----------- 17:00:13 [INFO] Building dependencies.bean-validation 1.0 [6/69] 17:00:13 [INFO] --------------------------------[ pom ]--------------------------------- 17:00:13 [INFO] 17:00:13 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.bean-validation --- 17:00:13 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/bean-validation (includes = [*.jar], excludes = []) 17:00:13 [INFO] 17:00:13 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.bean-validation --- 17:00:13 [INFO] 17:00:13 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.bean-validation --- 17:00:13 [INFO] Executing tasks 17:00:18 [INFO] Executed tasks 17:00:18 [INFO] 17:00:18 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.bean-validation --- 17:00:18 [INFO] Checking for updates 17:00:18 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:00:18 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:00:18 [INFO] Check for updates complete (111 ms) 17:00:18 [INFO] 17:00:18 17:00:18 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:00:18 17:00:18 17:00:18 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:00:18 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:00:18 17:00:18 💖 Sponsor: https://github.com/sponsors/jeremylong 17:00:18 17:00:18 17:00:18 [INFO] Analysis Started 17:00:18 [INFO] Finished Archive Analyzer (0 seconds) 17:00:18 [INFO] Finished File Name Analyzer (0 seconds) 17:00:18 [INFO] Finished Jar Analyzer (0 seconds) 17:00:18 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:00:18 [INFO] Finished Hint Analyzer (0 seconds) 17:00:18 [INFO] Finished Version Filter Analyzer (0 seconds) 17:00:20 [INFO] Created CPE Index (1 seconds) 17:00:20 [INFO] Finished CPE Analyzer (1 seconds) 17:00:20 [INFO] Finished False Positive Analyzer (0 seconds) 17:00:20 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:00:20 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:00:20 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:00:20 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:00:20 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:00:20 17:00:20 17:00:20 ## Recommendation 17:00:20 17:00:20 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:00:20 17:00:20 The following template can be used to demonstrate the vulnerability: 17:00:20 ```{{#with "constructor"}} 17:00:20 {{#with split as |a|}} 17:00:20 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:00:20 {{#with (concat (lookup join (slice 0 1)))}} 17:00:20 {{#each (slice 2 3)}} 17:00:20 {{#with (apply 0 a)}} 17:00:20 {{.}} 17:00:20 {{/with}} 17:00:20 {{/each}} 17:00:20 {{/with}} 17:00:20 {{/with}} 17:00:20 {{/with}}``` 17:00:20 17:00:20 17:00:20 ## Recommendation 17:00:20 17:00:20 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:20 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:00:20 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:00:20 [INFO] Analysis Complete (1 seconds) 17:00:20 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:00:20 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:00:20 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:00:20 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:00:20 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:00:20 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:00:20 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:00:20 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:00:20 [INFO] 17:00:20 [INFO] ----------------< org.openspcoop2:org.openspcoop2.cxf >----------------- 17:00:20 [INFO] Building dependencies.cxf 1.0 [7/69] 17:00:20 [INFO] --------------------------------[ pom ]--------------------------------- 17:00:20 [INFO] 17:00:20 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.cxf --- 17:00:20 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/cxf (includes = [*.jar], excludes = []) 17:00:20 [INFO] 17:00:20 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.cxf --- 17:00:20 [INFO] 17:00:20 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.cxf --- 17:00:20 [INFO] Executing tasks 17:00:20 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-core-3.6.4.jar 17:00:20 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-3.6.4.jar 17:00:20 [INFO] Executed tasks 17:00:20 [INFO] 17:00:20 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.cxf --- 17:00:20 [INFO] Executing tasks 17:00:25 [INFO] Executed tasks 17:00:25 [INFO] 17:00:25 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.cxf --- 17:00:26 [INFO] Checking for updates 17:00:26 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:00:26 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:00:26 [INFO] Check for updates complete (93 ms) 17:00:26 [INFO] 17:00:26 17:00:26 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:00:26 17:00:26 17:00:26 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:00:26 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:00:26 17:00:26 💖 Sponsor: https://github.com/sponsors/jeremylong 17:00:26 17:00:26 17:00:26 [INFO] Analysis Started 17:00:26 [INFO] Finished Archive Analyzer (0 seconds) 17:00:26 [INFO] Finished File Name Analyzer (0 seconds) 17:00:26 [INFO] Finished Jar Analyzer (0 seconds) 17:00:26 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:00:26 [INFO] Finished Hint Analyzer (0 seconds) 17:00:26 [INFO] Finished Version Filter Analyzer (0 seconds) 17:00:28 [INFO] Created CPE Index (1 seconds) 17:00:29 [INFO] Finished CPE Analyzer (2 seconds) 17:00:29 [INFO] Finished False Positive Analyzer (0 seconds) 17:00:29 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:00:29 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:00:29 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:00:29 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:00:29 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:00:29 17:00:29 17:00:29 ## Recommendation 17:00:29 17:00:29 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:00:29 17:00:29 The following template can be used to demonstrate the vulnerability: 17:00:29 ```{{#with "constructor"}} 17:00:29 {{#with split as |a|}} 17:00:29 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:00:29 {{#with (concat (lookup join (slice 0 1)))}} 17:00:29 {{#each (slice 2 3)}} 17:00:29 {{#with (apply 0 a)}} 17:00:29 {{.}} 17:00:29 {{/with}} 17:00:29 {{/each}} 17:00:29 {{/with}} 17:00:29 {{/with}} 17:00:29 {{/with}}``` 17:00:29 17:00:29 17:00:29 ## Recommendation 17:00:29 17:00:29 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:00:29 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:00:29 [INFO] Analysis Complete (2 seconds) 17:00:29 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:00:29 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:00:29 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:00:29 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:00:29 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:00:29 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:00:29 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:00:29 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:00:29 [INFO] 17:00:29 [INFO] --------------< org.openspcoop2:org.openspcoop2.commons >--------------- 17:00:29 [INFO] Building dependencies.commons 1.0 [8/69] 17:00:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:00:29 [INFO] 17:00:29 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.commons --- 17:00:29 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/commons (includes = [*.jar], excludes = []) 17:00:29 [INFO] 17:00:29 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.commons --- 17:00:29 [INFO] 17:00:29 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.commons --- 17:00:29 [INFO] Executing tasks 17:00:34 [INFO] Executed tasks 17:00:34 [INFO] 17:00:34 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.commons --- 17:00:34 [INFO] Checking for updates 17:00:34 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:00:34 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:00:34 [INFO] Check for updates complete (153 ms) 17:00:35 [INFO] 17:00:35 17:00:35 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:00:35 17:00:35 17:00:35 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:00:35 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:00:35 17:00:35 💖 Sponsor: https://github.com/sponsors/jeremylong 17:00:35 17:00:35 17:00:35 [INFO] Analysis Started 17:00:35 [INFO] Finished Archive Analyzer (0 seconds) 17:00:35 [INFO] Finished File Name Analyzer (0 seconds) 17:00:35 [INFO] Finished Jar Analyzer (0 seconds) 17:00:35 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:00:35 [INFO] Finished Hint Analyzer (0 seconds) 17:00:35 [INFO] Finished Version Filter Analyzer (0 seconds) 17:00:37 [INFO] Created CPE Index (1 seconds) 17:00:38 [INFO] Finished CPE Analyzer (2 seconds) 17:00:38 [INFO] Finished False Positive Analyzer (0 seconds) 17:00:38 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:00:38 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:00:38 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:00:38 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:00:38 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:00:38 17:00:38 17:00:38 ## Recommendation 17:00:38 17:00:38 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:00:38 17:00:38 The following template can be used to demonstrate the vulnerability: 17:00:38 ```{{#with "constructor"}} 17:00:38 {{#with split as |a|}} 17:00:38 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:00:38 {{#with (concat (lookup join (slice 0 1)))}} 17:00:38 {{#each (slice 2 3)}} 17:00:38 {{#with (apply 0 a)}} 17:00:38 {{.}} 17:00:38 {{/with}} 17:00:38 {{/each}} 17:00:38 {{/with}} 17:00:38 {{/with}} 17:00:38 {{/with}}``` 17:00:38 17:00:38 17:00:38 ## Recommendation 17:00:38 17:00:38 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:00:38 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:00:38 [INFO] Analysis Complete (3 seconds) 17:00:38 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:00:38 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:00:38 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:00:38 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:00:38 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:00:38 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:00:38 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:00:38 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:00:38 [INFO] 17:00:38 [INFO] ---------------< org.openspcoop2:org.openspcoop2.faces >---------------- 17:00:38 [INFO] Building dependencies.faces 1.0 [9/69] 17:00:38 [INFO] --------------------------------[ pom ]--------------------------------- 17:00:38 [INFO] 17:00:38 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.faces --- 17:00:38 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/faces (includes = [*.jar], excludes = []) 17:00:38 [INFO] 17:00:38 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.faces --- 17:00:39 [INFO] 17:00:39 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.faces --- 17:00:39 [INFO] Executing tasks 17:00:44 [INFO] Executed tasks 17:00:44 [INFO] 17:00:44 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.faces --- 17:00:44 [INFO] Checking for updates 17:00:44 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:00:44 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:00:44 [INFO] Check for updates complete (72 ms) 17:00:44 [INFO] 17:00:44 17:00:44 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:00:44 17:00:44 17:00:44 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:00:44 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:00:44 17:00:44 💖 Sponsor: https://github.com/sponsors/jeremylong 17:00:44 17:00:44 17:00:44 [INFO] Analysis Started 17:00:45 [INFO] Finished Archive Analyzer (0 seconds) 17:00:45 [INFO] Finished File Name Analyzer (0 seconds) 17:00:45 [INFO] Finished Jar Analyzer (0 seconds) 17:00:45 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:00:45 [INFO] Finished Hint Analyzer (0 seconds) 17:00:45 [INFO] Finished Version Filter Analyzer (0 seconds) 17:00:47 [INFO] Created CPE Index (1 seconds) 17:00:48 [INFO] Finished CPE Analyzer (2 seconds) 17:00:48 [INFO] Finished False Positive Analyzer (0 seconds) 17:00:48 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:00:56 [INFO] Finished RetireJS Analyzer (8 seconds) 17:00:56 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:00:56 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:00:56 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:00:56 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:00:56 17:00:56 17:00:56 ## Recommendation 17:00:56 17:00:56 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:00:56 17:00:56 The following template can be used to demonstrate the vulnerability: 17:00:56 ```{{#with "constructor"}} 17:00:56 {{#with split as |a|}} 17:00:56 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:00:56 {{#with (concat (lookup join (slice 0 1)))}} 17:00:56 {{#each (slice 2 3)}} 17:00:56 {{#with (apply 0 a)}} 17:00:56 {{.}} 17:00:56 {{/with}} 17:00:56 {{/each}} 17:00:56 {{/with}} 17:00:56 {{/with}} 17:00:56 {{/with}}``` 17:00:56 17:00:56 17:00:56 ## Recommendation 17:00:56 17:00:56 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:00:56 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:00:56 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:00:56 [INFO] Analysis Complete (12 seconds) 17:00:56 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:00:57 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:00:57 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:00:57 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:00:57 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:00:57 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:00:57 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:00:57 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:00:57 [INFO] 17:00:57 [INFO] ----------------< org.openspcoop2:org.openspcoop2.git >----------------- 17:00:57 [INFO] Building dependencies.git 1.0 [10/69] 17:00:57 [INFO] --------------------------------[ pom ]--------------------------------- 17:00:57 [INFO] 17:00:57 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.git --- 17:00:57 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/git (includes = [*.jar], excludes = []) 17:00:57 [INFO] 17:00:57 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.git --- 17:00:57 [INFO] 17:00:57 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.git --- 17:00:57 [INFO] Executing tasks 17:01:02 [INFO] Executed tasks 17:01:02 [INFO] 17:01:02 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.git --- 17:01:02 [INFO] Checking for updates 17:01:02 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:01:02 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:01:02 [INFO] Check for updates complete (88 ms) 17:01:03 [INFO] 17:01:03 17:01:03 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:01:03 17:01:03 17:01:03 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:01:03 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:01:03 17:01:03 💖 Sponsor: https://github.com/sponsors/jeremylong 17:01:03 17:01:03 17:01:03 [INFO] Analysis Started 17:01:03 [INFO] Finished Archive Analyzer (0 seconds) 17:01:03 [INFO] Finished File Name Analyzer (0 seconds) 17:01:03 [INFO] Finished Jar Analyzer (0 seconds) 17:01:03 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:01:03 [INFO] Finished Hint Analyzer (0 seconds) 17:01:03 [INFO] Finished Version Filter Analyzer (0 seconds) 17:01:04 [INFO] Created CPE Index (1 seconds) 17:01:04 [INFO] Finished CPE Analyzer (1 seconds) 17:01:04 [INFO] Finished False Positive Analyzer (0 seconds) 17:01:04 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:01:04 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:01:04 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:01:04 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:01:04 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:01:04 17:01:04 17:01:04 ## Recommendation 17:01:04 17:01:04 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:01:04 17:01:04 The following template can be used to demonstrate the vulnerability: 17:01:04 ```{{#with "constructor"}} 17:01:04 {{#with split as |a|}} 17:01:04 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:01:04 {{#with (concat (lookup join (slice 0 1)))}} 17:01:04 {{#each (slice 2 3)}} 17:01:04 {{#with (apply 0 a)}} 17:01:04 {{.}} 17:01:04 {{/with}} 17:01:04 {{/each}} 17:01:04 {{/with}} 17:01:04 {{/with}} 17:01:04 {{/with}}``` 17:01:04 17:01:04 17:01:04 ## Recommendation 17:01:04 17:01:04 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:04 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:01:04 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:01:04 [INFO] Analysis Complete (1 seconds) 17:01:04 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:01:04 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:01:04 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:01:04 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:01:04 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:01:04 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:01:04 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:01:04 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:01:05 [INFO] 17:01:05 [INFO] --------------< org.openspcoop2:org.openspcoop2.httpcore >-------------- 17:01:05 [INFO] Building dependencies.httpcore 1.0 [11/69] 17:01:05 [INFO] --------------------------------[ pom ]--------------------------------- 17:01:05 [INFO] 17:01:05 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.httpcore --- 17:01:05 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/httpcore (includes = [*.jar], excludes = []) 17:01:05 [INFO] 17:01:05 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.httpcore --- 17:01:05 [INFO] 17:01:05 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.httpcore --- 17:01:05 [INFO] Executing tasks 17:01:05 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpcore-ab-4.4.15.jar 17:01:05 [INFO] Executed tasks 17:01:05 [INFO] 17:01:05 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.httpcore --- 17:01:05 [INFO] Executing tasks 17:01:10 [INFO] Executed tasks 17:01:10 [INFO] 17:01:10 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.httpcore --- 17:01:10 [INFO] Checking for updates 17:01:10 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:01:10 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:01:10 [INFO] Check for updates complete (101 ms) 17:01:10 [INFO] 17:01:10 17:01:10 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:01:10 17:01:10 17:01:10 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:01:10 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:01:10 17:01:10 💖 Sponsor: https://github.com/sponsors/jeremylong 17:01:10 17:01:10 17:01:10 [INFO] Analysis Started 17:01:10 [INFO] Finished Archive Analyzer (0 seconds) 17:01:10 [INFO] Finished File Name Analyzer (0 seconds) 17:01:10 [INFO] Finished Jar Analyzer (0 seconds) 17:01:10 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:01:10 [INFO] Finished Hint Analyzer (0 seconds) 17:01:10 [INFO] Finished Version Filter Analyzer (0 seconds) 17:01:11 [INFO] Created CPE Index (1 seconds) 17:01:12 [INFO] Finished CPE Analyzer (1 seconds) 17:01:12 [INFO] Finished False Positive Analyzer (0 seconds) 17:01:12 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:01:12 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:01:12 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:01:12 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:01:12 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:01:12 17:01:12 17:01:12 ## Recommendation 17:01:12 17:01:12 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:01:12 17:01:12 The following template can be used to demonstrate the vulnerability: 17:01:12 ```{{#with "constructor"}} 17:01:12 {{#with split as |a|}} 17:01:12 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:01:12 {{#with (concat (lookup join (slice 0 1)))}} 17:01:12 {{#each (slice 2 3)}} 17:01:12 {{#with (apply 0 a)}} 17:01:12 {{.}} 17:01:12 {{/with}} 17:01:12 {{/each}} 17:01:12 {{/with}} 17:01:12 {{/with}} 17:01:12 {{/with}}``` 17:01:12 17:01:12 17:01:12 ## Recommendation 17:01:12 17:01:12 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:12 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:01:12 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:01:12 [INFO] Analysis Complete (1 seconds) 17:01:12 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:01:12 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:01:12 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:01:12 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:01:12 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:01:12 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:01:12 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:01:12 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:01:12 [INFO] 17:01:12 [INFO] --------------< org.openspcoop2:org.openspcoop2.jackson >--------------- 17:01:12 [INFO] Building dependencies.jackson 1.0 [12/69] 17:01:12 [INFO] --------------------------------[ pom ]--------------------------------- 17:01:12 [INFO] 17:01:12 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jackson --- 17:01:12 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jackson (includes = [*.jar], excludes = []) 17:01:12 [INFO] 17:01:12 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jackson --- 17:01:12 [INFO] 17:01:12 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jackson --- 17:01:12 [INFO] Executing tasks 17:01:17 [INFO] Executed tasks 17:01:17 [INFO] 17:01:17 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.jackson --- 17:01:17 [INFO] Checking for updates 17:01:17 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:01:17 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:01:17 [INFO] Check for updates complete (76 ms) 17:01:18 [INFO] 17:01:18 17:01:18 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:01:18 17:01:18 17:01:18 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:01:18 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:01:18 17:01:18 💖 Sponsor: https://github.com/sponsors/jeremylong 17:01:18 17:01:18 17:01:18 [INFO] Analysis Started 17:01:18 [INFO] Finished Archive Analyzer (0 seconds) 17:01:18 [INFO] Finished File Name Analyzer (0 seconds) 17:01:18 [INFO] Finished Jar Analyzer (0 seconds) 17:01:18 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:01:18 [INFO] Finished Hint Analyzer (0 seconds) 17:01:18 [INFO] Finished Version Filter Analyzer (0 seconds) 17:01:19 [INFO] Created CPE Index (1 seconds) 17:01:19 [INFO] Finished CPE Analyzer (1 seconds) 17:01:19 [INFO] Finished False Positive Analyzer (0 seconds) 17:01:19 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:01:19 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:01:19 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:01:19 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:01:19 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:01:19 17:01:19 17:01:19 ## Recommendation 17:01:19 17:01:19 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:01:19 17:01:19 The following template can be used to demonstrate the vulnerability: 17:01:19 ```{{#with "constructor"}} 17:01:19 {{#with split as |a|}} 17:01:19 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:01:19 {{#with (concat (lookup join (slice 0 1)))}} 17:01:19 {{#each (slice 2 3)}} 17:01:19 {{#with (apply 0 a)}} 17:01:19 {{.}} 17:01:19 {{/with}} 17:01:19 {{/each}} 17:01:19 {{/with}} 17:01:19 {{/with}} 17:01:19 {{/with}}``` 17:01:19 17:01:19 17:01:19 ## Recommendation 17:01:19 17:01:19 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:19 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:01:19 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:01:19 [INFO] Analysis Complete (1 seconds) 17:01:19 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:01:19 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:01:19 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:01:19 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:01:19 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:01:19 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:01:19 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:01:19 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:01:19 [INFO] 17:01:19 [INFO] ---------------< org.openspcoop2:org.openspcoop2.javax >---------------- 17:01:19 [INFO] Building dependencies.javax 1.0 [13/69] 17:01:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:01:19 [INFO] 17:01:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.javax --- 17:01:19 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/javax (includes = [*.jar], excludes = []) 17:01:19 [INFO] 17:01:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.javax --- 17:01:19 [INFO] 17:01:19 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.javax --- 17:01:20 [INFO] Executing tasks 17:01:25 [INFO] Executed tasks 17:01:25 [INFO] 17:01:25 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.javax --- 17:01:25 [INFO] Checking for updates 17:01:25 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:01:25 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:01:25 [INFO] Check for updates complete (91 ms) 17:01:25 [INFO] 17:01:25 17:01:25 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:01:25 17:01:25 17:01:25 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:01:25 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:01:25 17:01:25 💖 Sponsor: https://github.com/sponsors/jeremylong 17:01:25 17:01:25 17:01:25 [INFO] Analysis Started 17:01:25 [INFO] Finished Archive Analyzer (0 seconds) 17:01:25 [INFO] Finished File Name Analyzer (0 seconds) 17:01:25 [INFO] Finished Jar Analyzer (0 seconds) 17:01:25 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:01:25 [INFO] Finished Hint Analyzer (0 seconds) 17:01:25 [INFO] Finished Version Filter Analyzer (0 seconds) 17:01:27 [INFO] Created CPE Index (1 seconds) 17:01:27 [INFO] Finished CPE Analyzer (1 seconds) 17:01:27 [INFO] Finished False Positive Analyzer (0 seconds) 17:01:27 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:01:27 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:01:27 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:01:27 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:01:27 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:01:27 17:01:27 17:01:27 ## Recommendation 17:01:27 17:01:27 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:01:27 17:01:27 The following template can be used to demonstrate the vulnerability: 17:01:27 ```{{#with "constructor"}} 17:01:27 {{#with split as |a|}} 17:01:27 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:01:27 {{#with (concat (lookup join (slice 0 1)))}} 17:01:27 {{#each (slice 2 3)}} 17:01:27 {{#with (apply 0 a)}} 17:01:27 {{.}} 17:01:27 {{/with}} 17:01:27 {{/each}} 17:01:27 {{/with}} 17:01:27 {{/with}} 17:01:27 {{/with}}``` 17:01:27 17:01:27 17:01:27 ## Recommendation 17:01:27 17:01:27 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:01:27 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:01:27 [INFO] Analysis Complete (1 seconds) 17:01:27 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:01:27 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:01:27 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:01:27 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:01:27 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:01:27 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:01:27 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:01:27 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:01:27 [INFO] 17:01:27 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jax >----------------- 17:01:27 [INFO] Building dependencies.jax 1.0 [14/69] 17:01:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:01:27 [INFO] 17:01:27 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jax --- 17:01:27 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jax (includes = [*.jar], excludes = []) 17:01:27 [INFO] 17:01:27 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jax --- 17:01:27 [INFO] 17:01:27 [INFO] --- copy-rename-maven-plugin:1.0:rename (rename-file) @ org.openspcoop2.jax --- 17:01:27 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/jax/jsr181-api-1.0-MR1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxws-jsr181-api-2.3.1.jar 17:01:27 [INFO] 17:01:27 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.jax --- 17:01:27 [INFO] Executing tasks 17:01:27 [INFO] Executed tasks 17:01:27 [INFO] 17:01:27 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jax --- 17:01:27 [INFO] Executing tasks 17:01:32 [INFO] Executed tasks 17:01:32 [INFO] 17:01:32 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.jax --- 17:01:32 [INFO] Checking for updates 17:01:32 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:01:32 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:01:32 [INFO] Check for updates complete (87 ms) 17:01:33 [INFO] 17:01:33 17:01:33 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:01:33 17:01:33 17:01:33 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:01:33 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:01:33 17:01:33 💖 Sponsor: https://github.com/sponsors/jeremylong 17:01:33 17:01:33 17:01:33 [INFO] Analysis Started 17:01:33 [INFO] Finished Archive Analyzer (0 seconds) 17:01:33 [INFO] Finished File Name Analyzer (0 seconds) 17:01:33 [INFO] Finished Jar Analyzer (0 seconds) 17:01:33 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:01:33 [INFO] Finished Hint Analyzer (0 seconds) 17:01:33 [INFO] Finished Version Filter Analyzer (0 seconds) 17:01:35 [INFO] Created CPE Index (1 seconds) 17:01:35 [INFO] Finished CPE Analyzer (2 seconds) 17:01:35 [INFO] Finished False Positive Analyzer (0 seconds) 17:01:35 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:01:35 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:01:35 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:01:35 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:01:35 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:01:35 17:01:35 17:01:35 ## Recommendation 17:01:35 17:01:35 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:01:35 17:01:35 The following template can be used to demonstrate the vulnerability: 17:01:35 ```{{#with "constructor"}} 17:01:35 {{#with split as |a|}} 17:01:35 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:01:35 {{#with (concat (lookup join (slice 0 1)))}} 17:01:35 {{#each (slice 2 3)}} 17:01:35 {{#with (apply 0 a)}} 17:01:35 {{.}} 17:01:35 {{/with}} 17:01:35 {{/each}} 17:01:35 {{/with}} 17:01:35 {{/with}} 17:01:35 {{/with}}``` 17:01:35 17:01:35 17:01:35 ## Recommendation 17:01:35 17:01:35 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:01:35 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:01:35 [INFO] Analysis Complete (2 seconds) 17:01:35 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:01:35 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:01:35 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:01:35 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:01:35 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:01:35 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:01:35 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:01:35 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:01:35 [INFO] 17:01:35 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jetty >---------------- 17:01:35 [INFO] Building dependencies.jetty 1.0 [15/69] 17:01:35 [INFO] --------------------------------[ pom ]--------------------------------- 17:01:35 [INFO] 17:01:35 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jetty --- 17:01:35 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jetty (includes = [*.jar], excludes = []) 17:01:35 [INFO] 17:01:35 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jetty --- 17:01:35 [INFO] 17:01:35 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jetty --- 17:01:35 [INFO] Executing tasks 17:01:40 [INFO] Executed tasks 17:01:40 [INFO] 17:01:40 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.jetty --- 17:01:40 [INFO] Checking for updates 17:01:40 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:01:41 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:01:41 [INFO] Check for updates complete (79 ms) 17:01:41 [INFO] 17:01:41 17:01:41 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:01:41 17:01:41 17:01:41 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:01:41 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:01:41 17:01:41 💖 Sponsor: https://github.com/sponsors/jeremylong 17:01:41 17:01:41 17:01:41 [INFO] Analysis Started 17:01:41 [INFO] Finished File Name Analyzer (0 seconds) 17:01:41 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:01:41 [INFO] Finished Hint Analyzer (0 seconds) 17:01:41 [INFO] Finished Version Filter Analyzer (0 seconds) 17:01:42 [INFO] Created CPE Index (1 seconds) 17:01:43 [INFO] Finished CPE Analyzer (1 seconds) 17:01:43 [INFO] Finished False Positive Analyzer (0 seconds) 17:01:43 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:01:43 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:01:43 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:01:43 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:01:43 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:01:43 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:01:43 [INFO] Analysis Complete (1 seconds) 17:01:43 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:01:43 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:01:43 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:01:43 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:01:43 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:01:43 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:01:43 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:01:43 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:01:43 [INFO] 17:01:43 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jminix >--------------- 17:01:43 [INFO] Building dependencies.jminix 1.0 [16/69] 17:01:43 [INFO] --------------------------------[ pom ]--------------------------------- 17:01:43 [INFO] 17:01:43 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jminix --- 17:01:43 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jminix (includes = [*.jar], excludes = []) 17:01:43 [INFO] 17:01:43 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jminix --- 17:01:43 [INFO] 17:01:43 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.jminix --- 17:01:43 [INFO] Executing tasks 17:01:43 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/jminix/jminix-1.2.0.jar 17:01:43 [INFO] Executed tasks 17:01:43 [INFO] 17:01:43 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jminix --- 17:01:43 [INFO] Executing tasks 17:01:48 [INFO] Executed tasks 17:01:48 [INFO] 17:01:48 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.jminix --- 17:01:48 [INFO] Checking for updates 17:01:48 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:01:48 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:01:48 [INFO] Check for updates complete (75 ms) 17:01:48 [INFO] 17:01:48 17:01:48 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:01:48 17:01:48 17:01:48 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:01:48 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:01:48 17:01:48 💖 Sponsor: https://github.com/sponsors/jeremylong 17:01:48 17:01:48 17:01:48 [INFO] Analysis Started 17:01:48 [INFO] Finished Archive Analyzer (0 seconds) 17:01:48 [INFO] Finished File Name Analyzer (0 seconds) 17:01:48 [INFO] Finished Jar Analyzer (0 seconds) 17:01:48 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:01:48 [INFO] Finished Hint Analyzer (0 seconds) 17:01:48 [INFO] Finished Version Filter Analyzer (0 seconds) 17:01:50 [INFO] Created CPE Index (1 seconds) 17:01:50 [INFO] Finished CPE Analyzer (1 seconds) 17:01:50 [INFO] Finished False Positive Analyzer (0 seconds) 17:01:50 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:01:52 [INFO] Finished RetireJS Analyzer (2 seconds) 17:01:52 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:01:52 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:01:52 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:01:52 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:01:52 17:01:52 17:01:52 ## Recommendation 17:01:52 17:01:52 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:01:52 17:01:52 The following template can be used to demonstrate the vulnerability: 17:01:52 ```{{#with "constructor"}} 17:01:52 {{#with split as |a|}} 17:01:52 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:01:52 {{#with (concat (lookup join (slice 0 1)))}} 17:01:52 {{#each (slice 2 3)}} 17:01:52 {{#with (apply 0 a)}} 17:01:52 {{.}} 17:01:52 {{/with}} 17:01:52 {{/each}} 17:01:52 {{/with}} 17:01:52 {{/with}} 17:01:52 {{/with}}``` 17:01:52 17:01:52 17:01:52 ## Recommendation 17:01:52 17:01:52 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:52 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:01:52 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:01:52 [INFO] Analysis Complete (3 seconds) 17:01:52 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:01:52 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:01:52 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:01:52 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:01:52 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:01:52 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:01:52 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:01:52 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:01:52 [INFO] 17:01:52 [INFO] ----------------< org.openspcoop2:org.openspcoop2.json >---------------- 17:01:52 [INFO] Building dependencies.json 1.0 [17/69] 17:01:52 [INFO] --------------------------------[ pom ]--------------------------------- 17:01:52 [INFO] 17:01:52 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.json --- 17:01:52 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/json (includes = [*.jar], excludes = []) 17:01:52 [INFO] 17:01:52 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.json --- 17:01:52 [INFO] 17:01:52 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.json --- 17:01:52 [INFO] Executing tasks 17:01:52 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-path-2.9.0.jar 17:01:52 [INFO] Executed tasks 17:01:52 [INFO] 17:01:52 [INFO] --- copy-rename-maven-plugin:1.0:rename (rename-file) @ org.openspcoop2.json --- 17:01:52 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.0.73.jar to /var/lib/jenkins/workspace/GovWay/lib/json/networknt_json-schema-validator-1.0.73.jar 17:01:52 [INFO] 17:01:52 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.json --- 17:01:52 [INFO] Executing tasks 17:01:57 [INFO] Executed tasks 17:01:57 [INFO] 17:01:57 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.json --- 17:01:57 [INFO] Checking for updates 17:01:57 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:01:57 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:01:57 [INFO] Check for updates complete (78 ms) 17:01:58 [INFO] 17:01:58 17:01:58 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:01:58 17:01:58 17:01:58 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:01:58 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:01:58 17:01:58 💖 Sponsor: https://github.com/sponsors/jeremylong 17:01:58 17:01:58 17:01:58 [INFO] Analysis Started 17:01:58 [INFO] Finished Archive Analyzer (0 seconds) 17:01:58 [INFO] Finished File Name Analyzer (0 seconds) 17:01:58 [INFO] Finished Jar Analyzer (0 seconds) 17:01:58 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:01:58 [INFO] Finished Hint Analyzer (0 seconds) 17:01:58 [INFO] Finished Version Filter Analyzer (0 seconds) 17:01:59 [INFO] Created CPE Index (1 seconds) 17:01:59 [INFO] Finished CPE Analyzer (1 seconds) 17:01:59 [INFO] Finished False Positive Analyzer (0 seconds) 17:01:59 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:01:59 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:01:59 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:01:59 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:01:59 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:01:59 17:01:59 17:01:59 ## Recommendation 17:01:59 17:01:59 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:01:59 17:01:59 The following template can be used to demonstrate the vulnerability: 17:01:59 ```{{#with "constructor"}} 17:01:59 {{#with split as |a|}} 17:01:59 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:01:59 {{#with (concat (lookup join (slice 0 1)))}} 17:01:59 {{#each (slice 2 3)}} 17:01:59 {{#with (apply 0 a)}} 17:01:59 {{.}} 17:01:59 {{/with}} 17:01:59 {{/each}} 17:01:59 {{/with}} 17:01:59 {{/with}} 17:01:59 {{/with}}``` 17:01:59 17:01:59 17:01:59 ## Recommendation 17:01:59 17:01:59 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:01:59 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:01:59 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:01:59 [INFO] Analysis Complete (1 seconds) 17:01:59 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:01:59 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:01:59 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:01:59 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:01:59 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:02:00 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:02:00 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:02:00 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:02:00 [INFO] 17:02:00 [INFO] ----------------< org.openspcoop2:org.openspcoop2.log >----------------- 17:02:00 [INFO] Building dependencies.log 1.0 [18/69] 17:02:00 [INFO] --------------------------------[ pom ]--------------------------------- 17:02:00 [INFO] 17:02:00 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.log --- 17:02:00 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/log (includes = [*.jar], excludes = []) 17:02:00 [INFO] 17:02:00 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.log --- 17:02:00 [INFO] 17:02:00 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.log --- 17:02:00 [INFO] Executing tasks 17:02:00 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/log/slf4j-api-2.0.16.jar 17:02:00 [INFO] Executed tasks 17:02:00 [INFO] 17:02:00 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.log --- 17:02:00 [INFO] Executing tasks 17:02:05 [INFO] Executed tasks 17:02:05 [INFO] 17:02:05 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.log --- 17:02:05 [INFO] Checking for updates 17:02:05 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:02:05 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:02:05 [INFO] Check for updates complete (68 ms) 17:02:05 [INFO] 17:02:05 17:02:05 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:02:05 17:02:05 17:02:05 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:02:05 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:02:05 17:02:05 💖 Sponsor: https://github.com/sponsors/jeremylong 17:02:05 17:02:05 17:02:05 [INFO] Analysis Started 17:02:05 [INFO] Finished Archive Analyzer (0 seconds) 17:02:05 [INFO] Finished File Name Analyzer (0 seconds) 17:02:05 [INFO] Finished Jar Analyzer (0 seconds) 17:02:05 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:02:05 [INFO] Finished Hint Analyzer (0 seconds) 17:02:05 [INFO] Finished Version Filter Analyzer (0 seconds) 17:02:06 [INFO] Created CPE Index (1 seconds) 17:02:06 [INFO] Finished CPE Analyzer (1 seconds) 17:02:06 [INFO] Finished False Positive Analyzer (0 seconds) 17:02:06 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:02:06 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:02:06 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:02:06 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:02:06 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:02:06 17:02:06 17:02:06 ## Recommendation 17:02:06 17:02:06 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:02:06 17:02:06 The following template can be used to demonstrate the vulnerability: 17:02:06 ```{{#with "constructor"}} 17:02:06 {{#with split as |a|}} 17:02:06 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:02:06 {{#with (concat (lookup join (slice 0 1)))}} 17:02:06 {{#each (slice 2 3)}} 17:02:06 {{#with (apply 0 a)}} 17:02:06 {{.}} 17:02:06 {{/with}} 17:02:06 {{/each}} 17:02:06 {{/with}} 17:02:06 {{/with}} 17:02:06 {{/with}}``` 17:02:06 17:02:06 17:02:06 ## Recommendation 17:02:06 17:02:06 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:06 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:02:07 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:02:07 [INFO] Analysis Complete (1 seconds) 17:02:07 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:02:07 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:02:07 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:02:07 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:02:07 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:02:07 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:02:07 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:02:07 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:02:07 [INFO] 17:02:07 [INFO] ---------------< org.openspcoop2:org.openspcoop2.lucene >--------------- 17:02:07 [INFO] Building dependencies.lucene 1.0 [19/69] 17:02:07 [INFO] --------------------------------[ pom ]--------------------------------- 17:02:07 [INFO] 17:02:07 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.lucene --- 17:02:07 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/lucene (includes = [*.jar], excludes = []) 17:02:07 [INFO] 17:02:07 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.lucene --- 17:02:07 [INFO] 17:02:07 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.lucene --- 17:02:07 [INFO] Executing tasks 17:02:12 [INFO] Executed tasks 17:02:12 [INFO] 17:02:12 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.lucene --- 17:02:12 [INFO] Checking for updates 17:02:12 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:02:12 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:02:12 [INFO] Check for updates complete (77 ms) 17:02:12 [INFO] 17:02:12 17:02:12 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:02:12 17:02:12 17:02:12 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:02:12 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:02:12 17:02:12 💖 Sponsor: https://github.com/sponsors/jeremylong 17:02:12 17:02:12 17:02:12 [INFO] Analysis Started 17:02:12 [INFO] Finished Archive Analyzer (0 seconds) 17:02:12 [INFO] Finished File Name Analyzer (0 seconds) 17:02:12 [INFO] Finished Jar Analyzer (0 seconds) 17:02:12 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:02:12 [INFO] Finished Hint Analyzer (0 seconds) 17:02:12 [INFO] Finished Version Filter Analyzer (0 seconds) 17:02:14 [INFO] Created CPE Index (1 seconds) 17:02:14 [INFO] Finished CPE Analyzer (1 seconds) 17:02:14 [INFO] Finished False Positive Analyzer (0 seconds) 17:02:14 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:02:14 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:02:14 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:02:14 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:02:14 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:02:14 17:02:14 17:02:14 ## Recommendation 17:02:14 17:02:14 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:02:14 17:02:14 The following template can be used to demonstrate the vulnerability: 17:02:14 ```{{#with "constructor"}} 17:02:14 {{#with split as |a|}} 17:02:14 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:02:14 {{#with (concat (lookup join (slice 0 1)))}} 17:02:14 {{#each (slice 2 3)}} 17:02:14 {{#with (apply 0 a)}} 17:02:14 {{.}} 17:02:14 {{/with}} 17:02:14 {{/each}} 17:02:14 {{/with}} 17:02:14 {{/with}} 17:02:14 {{/with}}``` 17:02:14 17:02:14 17:02:14 ## Recommendation 17:02:14 17:02:14 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:02:14 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:02:14 [INFO] Analysis Complete (1 seconds) 17:02:14 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:02:14 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:02:14 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:02:14 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:02:14 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:02:14 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:02:14 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:02:14 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:02:14 [INFO] 17:02:14 [INFO] -------------< org.openspcoop2:org.openspcoop2.openapi4j >-------------- 17:02:14 [INFO] Building dependencies.openapi4j 1.0 [20/69] 17:02:14 [INFO] --------------------------------[ pom ]--------------------------------- 17:02:14 [INFO] 17:02:14 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.openapi4j --- 17:02:14 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/openapi4j (includes = [*.jar], excludes = []) 17:02:14 [INFO] 17:02:14 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.openapi4j --- 17:02:14 [INFO] 17:02:14 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.openapi4j --- 17:02:14 [INFO] Executing tasks 17:02:14 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-core-1.0.7.jar 17:02:14 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-parser-1.0.7.jar 17:02:14 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-schema-validator-1.0.7.jar 17:02:14 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-operation-validator-1.0.7.jar 17:02:14 [INFO] Executed tasks 17:02:14 [INFO] 17:02:14 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.openapi4j --- 17:02:14 [INFO] Executing tasks 17:02:19 [INFO] Executed tasks 17:02:19 [INFO] 17:02:19 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.openapi4j --- 17:02:19 [INFO] Checking for updates 17:02:19 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:02:19 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:02:19 [INFO] Check for updates complete (78 ms) 17:02:20 [INFO] 17:02:20 17:02:20 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:02:20 17:02:20 17:02:20 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:02:20 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:02:20 17:02:20 💖 Sponsor: https://github.com/sponsors/jeremylong 17:02:20 17:02:20 17:02:20 [INFO] Analysis Started 17:02:20 [INFO] Finished Archive Analyzer (0 seconds) 17:02:20 [INFO] Finished File Name Analyzer (0 seconds) 17:02:20 [INFO] Finished Jar Analyzer (0 seconds) 17:02:20 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:02:20 [INFO] Finished Hint Analyzer (0 seconds) 17:02:20 [INFO] Finished Version Filter Analyzer (0 seconds) 17:02:21 [INFO] Created CPE Index (1 seconds) 17:02:21 [INFO] Finished CPE Analyzer (1 seconds) 17:02:21 [INFO] Finished False Positive Analyzer (0 seconds) 17:02:21 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:02:21 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:02:21 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:02:21 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:02:21 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:02:21 17:02:21 17:02:21 ## Recommendation 17:02:21 17:02:21 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:02:21 17:02:21 The following template can be used to demonstrate the vulnerability: 17:02:21 ```{{#with "constructor"}} 17:02:21 {{#with split as |a|}} 17:02:21 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:02:21 {{#with (concat (lookup join (slice 0 1)))}} 17:02:21 {{#each (slice 2 3)}} 17:02:21 {{#with (apply 0 a)}} 17:02:21 {{.}} 17:02:21 {{/with}} 17:02:21 {{/each}} 17:02:21 {{/with}} 17:02:21 {{/with}} 17:02:21 {{/with}}``` 17:02:21 17:02:21 17:02:21 ## Recommendation 17:02:21 17:02:21 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:02:21 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:02:21 [INFO] Analysis Complete (1 seconds) 17:02:21 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:02:21 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:02:21 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:02:21 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:02:21 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:02:21 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:02:21 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:02:21 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:02:21 [INFO] 17:02:21 [INFO] --------------< org.openspcoop2:org.openspcoop2.opensaml >-------------- 17:02:21 [INFO] Building dependencies.opensaml 1.0 [21/69] 17:02:21 [INFO] --------------------------------[ pom ]--------------------------------- 17:02:21 [INFO] 17:02:21 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.opensaml --- 17:02:21 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/opensaml (includes = [*.jar], excludes = []) 17:02:21 [INFO] 17:02:21 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.opensaml --- 17:02:21 [INFO] 17:02:21 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.opensaml --- 17:02:21 [INFO] Executing tasks 17:02:26 [INFO] Executed tasks 17:02:26 [INFO] 17:02:26 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.opensaml --- 17:02:27 [INFO] Checking for updates 17:02:27 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:02:27 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:02:27 [INFO] Check for updates complete (73 ms) 17:02:27 [INFO] 17:02:27 17:02:27 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:02:27 17:02:27 17:02:27 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:02:27 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:02:27 17:02:27 💖 Sponsor: https://github.com/sponsors/jeremylong 17:02:27 17:02:27 17:02:27 [INFO] Analysis Started 17:02:27 [INFO] Finished Archive Analyzer (0 seconds) 17:02:27 [INFO] Finished File Name Analyzer (0 seconds) 17:02:27 [INFO] Finished Jar Analyzer (0 seconds) 17:02:27 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:02:27 [INFO] Finished Hint Analyzer (0 seconds) 17:02:27 [INFO] Finished Version Filter Analyzer (0 seconds) 17:02:28 [INFO] Created CPE Index (1 seconds) 17:02:29 [INFO] Finished CPE Analyzer (1 seconds) 17:02:29 [INFO] Finished False Positive Analyzer (0 seconds) 17:02:29 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:02:29 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:02:29 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:02:29 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:02:29 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:02:29 17:02:29 17:02:29 ## Recommendation 17:02:29 17:02:29 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:02:29 17:02:29 The following template can be used to demonstrate the vulnerability: 17:02:29 ```{{#with "constructor"}} 17:02:29 {{#with split as |a|}} 17:02:29 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:02:29 {{#with (concat (lookup join (slice 0 1)))}} 17:02:29 {{#each (slice 2 3)}} 17:02:29 {{#with (apply 0 a)}} 17:02:29 {{.}} 17:02:29 {{/with}} 17:02:29 {{/each}} 17:02:29 {{/with}} 17:02:29 {{/with}} 17:02:29 {{/with}}``` 17:02:29 17:02:29 17:02:29 ## Recommendation 17:02:29 17:02:29 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:29 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:02:29 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:02:29 [INFO] Analysis Complete (1 seconds) 17:02:29 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:02:29 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:02:29 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:02:29 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:02:29 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:02:29 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:02:29 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:02:29 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:02:29 [INFO] 17:02:29 [INFO] ----------------< org.openspcoop2:org.openspcoop2.pdf >----------------- 17:02:29 [INFO] Building dependencies.pdf 1.0 [22/69] 17:02:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:02:29 [INFO] 17:02:29 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.pdf --- 17:02:29 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/pdf (includes = [*.jar], excludes = []) 17:02:29 [INFO] 17:02:29 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.pdf --- 17:02:29 [INFO] 17:02:29 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.pdf --- 17:02:29 [INFO] Executing tasks 17:02:34 [INFO] Executed tasks 17:02:34 [INFO] 17:02:34 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.pdf --- 17:02:34 [INFO] Checking for updates 17:02:34 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:02:34 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:02:34 [INFO] Check for updates complete (78 ms) 17:02:34 [INFO] 17:02:34 17:02:34 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:02:34 17:02:34 17:02:34 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:02:34 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:02:34 17:02:34 💖 Sponsor: https://github.com/sponsors/jeremylong 17:02:34 17:02:34 17:02:34 [INFO] Analysis Started 17:02:34 [INFO] Finished Archive Analyzer (0 seconds) 17:02:34 [INFO] Finished File Name Analyzer (0 seconds) 17:02:34 [INFO] Finished Jar Analyzer (0 seconds) 17:02:34 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:02:34 [INFO] Finished Hint Analyzer (0 seconds) 17:02:34 [INFO] Finished Version Filter Analyzer (0 seconds) 17:02:36 [INFO] Created CPE Index (1 seconds) 17:02:36 [INFO] Finished CPE Analyzer (1 seconds) 17:02:36 [INFO] Finished False Positive Analyzer (0 seconds) 17:02:36 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:02:36 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:02:36 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:02:36 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:02:36 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:02:36 17:02:36 17:02:36 ## Recommendation 17:02:36 17:02:36 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:02:36 17:02:36 The following template can be used to demonstrate the vulnerability: 17:02:36 ```{{#with "constructor"}} 17:02:36 {{#with split as |a|}} 17:02:36 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:02:36 {{#with (concat (lookup join (slice 0 1)))}} 17:02:36 {{#each (slice 2 3)}} 17:02:36 {{#with (apply 0 a)}} 17:02:36 {{.}} 17:02:36 {{/with}} 17:02:36 {{/each}} 17:02:36 {{/with}} 17:02:36 {{/with}} 17:02:36 {{/with}}``` 17:02:36 17:02:36 17:02:36 ## Recommendation 17:02:36 17:02:36 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:36 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:02:36 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:02:36 [INFO] Analysis Complete (1 seconds) 17:02:36 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:02:36 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:02:36 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:02:36 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:02:36 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:02:36 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:02:36 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:02:36 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:02:36 [INFO] 17:02:36 [INFO] ---------------< org.openspcoop2:org.openspcoop2.redis >---------------- 17:02:36 [INFO] Building dependencies.redis 1.0 [23/69] 17:02:36 [INFO] --------------------------------[ pom ]--------------------------------- 17:02:36 [INFO] 17:02:36 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.redis --- 17:02:36 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/redis (includes = [*.jar], excludes = []) 17:02:36 [INFO] 17:02:36 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.redis --- 17:02:36 [INFO] 17:02:36 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.redis --- 17:02:36 [INFO] Executing tasks 17:02:41 [INFO] Executed tasks 17:02:41 [INFO] 17:02:41 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.redis --- 17:02:41 [INFO] Checking for updates 17:02:41 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:02:41 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:02:41 [INFO] Check for updates complete (77 ms) 17:02:42 [INFO] 17:02:42 17:02:42 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:02:42 17:02:42 17:02:42 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:02:42 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:02:42 17:02:42 💖 Sponsor: https://github.com/sponsors/jeremylong 17:02:42 17:02:42 17:02:42 [INFO] Analysis Started 17:02:42 [INFO] Finished Archive Analyzer (0 seconds) 17:02:42 [INFO] Finished File Name Analyzer (0 seconds) 17:02:42 [INFO] Finished Jar Analyzer (0 seconds) 17:02:42 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:02:42 [INFO] Finished Hint Analyzer (0 seconds) 17:02:42 [INFO] Finished Version Filter Analyzer (0 seconds) 17:02:43 [INFO] Created CPE Index (1 seconds) 17:02:43 [INFO] Finished CPE Analyzer (1 seconds) 17:02:43 [INFO] Finished False Positive Analyzer (0 seconds) 17:02:43 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:02:43 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:02:43 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:02:43 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:02:43 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:02:43 17:02:43 17:02:43 ## Recommendation 17:02:43 17:02:43 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:02:43 17:02:43 The following template can be used to demonstrate the vulnerability: 17:02:43 ```{{#with "constructor"}} 17:02:43 {{#with split as |a|}} 17:02:43 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:02:43 {{#with (concat (lookup join (slice 0 1)))}} 17:02:43 {{#each (slice 2 3)}} 17:02:43 {{#with (apply 0 a)}} 17:02:43 {{.}} 17:02:43 {{/with}} 17:02:43 {{/each}} 17:02:43 {{/with}} 17:02:43 {{/with}} 17:02:43 {{/with}}``` 17:02:43 17:02:43 17:02:43 ## Recommendation 17:02:43 17:02:43 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:43 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:02:43 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:02:43 [INFO] Analysis Complete (1 seconds) 17:02:44 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:02:44 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:02:44 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:02:44 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:02:44 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:02:44 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:02:44 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:02:44 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:02:44 [INFO] 17:02:44 [INFO] --------------< org.openspcoop2:org.openspcoop2.reports >--------------- 17:02:44 [INFO] Building dependencies.reports 1.0 [24/69] 17:02:44 [INFO] --------------------------------[ pom ]--------------------------------- 17:02:44 [INFO] 17:02:44 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.reports --- 17:02:44 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/reports (includes = [*.jar], excludes = []) 17:02:44 [INFO] 17:02:44 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.reports --- 17:02:44 [INFO] 17:02:44 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.reports --- 17:02:44 [INFO] Executing tasks 17:02:49 [INFO] Executed tasks 17:02:49 [INFO] 17:02:49 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.reports --- 17:02:49 [INFO] Checking for updates 17:02:49 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:02:49 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:02:49 [INFO] Check for updates complete (78 ms) 17:02:49 [INFO] 17:02:49 17:02:49 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:02:49 17:02:49 17:02:49 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:02:49 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:02:49 17:02:49 💖 Sponsor: https://github.com/sponsors/jeremylong 17:02:49 17:02:49 17:02:49 [INFO] Analysis Started 17:02:49 [INFO] Finished Archive Analyzer (0 seconds) 17:02:49 [INFO] Finished File Name Analyzer (0 seconds) 17:02:49 [INFO] Finished Jar Analyzer (0 seconds) 17:02:49 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:02:49 [INFO] Finished Hint Analyzer (0 seconds) 17:02:49 [INFO] Finished Version Filter Analyzer (0 seconds) 17:02:50 [INFO] Created CPE Index (1 seconds) 17:02:51 [INFO] Finished CPE Analyzer (1 seconds) 17:02:51 [INFO] Finished False Positive Analyzer (0 seconds) 17:02:51 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:02:51 [INFO] Finished RetireJS Analyzer (0 seconds) 17:02:51 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:02:51 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:02:51 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:02:51 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:02:51 17:02:51 17:02:51 ## Recommendation 17:02:51 17:02:51 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:02:51 17:02:51 The following template can be used to demonstrate the vulnerability: 17:02:51 ```{{#with "constructor"}} 17:02:51 {{#with split as |a|}} 17:02:51 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:02:51 {{#with (concat (lookup join (slice 0 1)))}} 17:02:51 {{#each (slice 2 3)}} 17:02:51 {{#with (apply 0 a)}} 17:02:51 {{.}} 17:02:51 {{/with}} 17:02:51 {{/each}} 17:02:51 {{/with}} 17:02:51 {{/with}} 17:02:51 {{/with}}``` 17:02:51 17:02:51 17:02:51 ## Recommendation 17:02:51 17:02:51 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:51 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:02:51 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:02:51 [INFO] Analysis Complete (1 seconds) 17:02:51 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:02:51 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:02:51 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:02:51 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:02:51 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:02:51 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:02:51 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:02:51 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:02:51 [INFO] 17:02:51 [INFO] ----------------< org.openspcoop2:org.openspcoop2.saaj >---------------- 17:02:51 [INFO] Building dependencies.saaj 1.0 [25/69] 17:02:51 [INFO] --------------------------------[ pom ]--------------------------------- 17:02:51 [INFO] 17:02:51 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.saaj --- 17:02:51 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/saaj (includes = [*.jar], excludes = []) 17:02:51 [INFO] 17:02:51 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.saaj --- 17:02:51 [INFO] 17:02:51 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.saaj --- 17:02:51 [INFO] Executing tasks 17:02:51 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/saaj/saaj-impl-1.5.3.jar 17:02:51 [INFO] Executed tasks 17:02:51 [INFO] 17:02:51 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.saaj --- 17:02:51 [INFO] Executing tasks 17:02:56 [INFO] Executed tasks 17:02:56 [INFO] 17:02:56 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.saaj --- 17:02:56 [INFO] Checking for updates 17:02:56 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:02:56 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:02:56 [INFO] Check for updates complete (80 ms) 17:02:56 [INFO] 17:02:56 17:02:56 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:02:56 17:02:56 17:02:56 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:02:56 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:02:56 17:02:56 💖 Sponsor: https://github.com/sponsors/jeremylong 17:02:56 17:02:56 17:02:56 [INFO] Analysis Started 17:02:56 [INFO] Finished Archive Analyzer (0 seconds) 17:02:56 [INFO] Finished File Name Analyzer (0 seconds) 17:02:56 [INFO] Finished Jar Analyzer (0 seconds) 17:02:56 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:02:56 [INFO] Finished Hint Analyzer (0 seconds) 17:02:56 [INFO] Finished Version Filter Analyzer (0 seconds) 17:02:58 [INFO] Created CPE Index (1 seconds) 17:02:58 [INFO] Finished CPE Analyzer (1 seconds) 17:02:58 [INFO] Finished False Positive Analyzer (0 seconds) 17:02:58 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:02:58 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:02:58 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:02:58 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:02:58 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:02:58 17:02:58 17:02:58 ## Recommendation 17:02:58 17:02:58 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:02:58 17:02:58 The following template can be used to demonstrate the vulnerability: 17:02:58 ```{{#with "constructor"}} 17:02:58 {{#with split as |a|}} 17:02:58 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:02:58 {{#with (concat (lookup join (slice 0 1)))}} 17:02:58 {{#each (slice 2 3)}} 17:02:58 {{#with (apply 0 a)}} 17:02:58 {{.}} 17:02:58 {{/with}} 17:02:58 {{/each}} 17:02:58 {{/with}} 17:02:58 {{/with}} 17:02:58 {{/with}}``` 17:02:58 17:02:58 17:02:58 ## Recommendation 17:02:58 17:02:58 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:02:58 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:02:58 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:02:58 [INFO] Analysis Complete (1 seconds) 17:02:58 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:02:58 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:02:58 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:02:58 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:02:58 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:02:58 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:02:58 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:02:58 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:02:58 [INFO] 17:02:58 [INFO] --------------< org.openspcoop2:org.openspcoop2.security >-------------- 17:02:58 [INFO] Building dependencies.security 1.0 [26/69] 17:02:58 [INFO] --------------------------------[ pom ]--------------------------------- 17:02:58 [INFO] 17:02:58 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.security --- 17:02:58 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/security (includes = [*.jar], excludes = []) 17:02:58 [INFO] 17:02:58 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.security --- 17:02:58 [INFO] 17:02:58 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.security --- 17:02:58 [INFO] Executing tasks 17:02:58 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/security/xmlsec-2.3.4.jar 17:02:58 [INFO] Executed tasks 17:02:58 [INFO] 17:02:58 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.security --- 17:02:58 [INFO] Executing tasks 17:03:03 [INFO] Executed tasks 17:03:03 [INFO] 17:03:03 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.security --- 17:03:03 [INFO] Checking for updates 17:03:03 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:03:03 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:03:03 [INFO] Check for updates complete (77 ms) 17:03:04 [INFO] 17:03:04 17:03:04 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:03:04 17:03:04 17:03:04 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:03:04 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:03:04 17:03:04 💖 Sponsor: https://github.com/sponsors/jeremylong 17:03:04 17:03:04 17:03:04 [INFO] Analysis Started 17:03:04 [INFO] Finished Archive Analyzer (0 seconds) 17:03:04 [INFO] Finished File Name Analyzer (0 seconds) 17:03:04 [INFO] Finished Jar Analyzer (0 seconds) 17:03:04 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:03:04 [INFO] Finished Hint Analyzer (0 seconds) 17:03:04 [INFO] Finished Version Filter Analyzer (0 seconds) 17:03:05 [INFO] Created CPE Index (1 seconds) 17:03:05 [INFO] Finished CPE Analyzer (1 seconds) 17:03:05 [INFO] Finished False Positive Analyzer (0 seconds) 17:03:05 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:03:05 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:03:05 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:03:05 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:03:05 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:03:05 17:03:05 17:03:05 ## Recommendation 17:03:05 17:03:05 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:03:05 17:03:05 The following template can be used to demonstrate the vulnerability: 17:03:05 ```{{#with "constructor"}} 17:03:05 {{#with split as |a|}} 17:03:05 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:03:05 {{#with (concat (lookup join (slice 0 1)))}} 17:03:05 {{#each (slice 2 3)}} 17:03:05 {{#with (apply 0 a)}} 17:03:05 {{.}} 17:03:05 {{/with}} 17:03:05 {{/each}} 17:03:05 {{/with}} 17:03:05 {{/with}} 17:03:05 {{/with}}``` 17:03:05 17:03:05 17:03:05 ## Recommendation 17:03:05 17:03:05 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:05 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:03:05 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:03:06 [INFO] Analysis Complete (1 seconds) 17:03:06 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:03:06 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:03:06 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:03:06 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:03:06 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:03:06 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:03:06 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:03:06 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:03:06 [INFO] 17:03:06 [INFO] ---------------< org.openspcoop2:org.openspcoop2.shared >--------------- 17:03:06 [INFO] Building dependencies.shared 1.0 [27/69] 17:03:06 [INFO] --------------------------------[ pom ]--------------------------------- 17:03:06 [INFO] 17:03:06 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.shared --- 17:03:06 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/shared (includes = [*.jar], excludes = []) 17:03:06 [INFO] 17:03:06 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.shared --- 17:03:06 [INFO] 17:03:06 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.shared --- 17:03:06 [INFO] Executing tasks 17:03:06 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/commons-jcs3-core-3.1.jar 17:03:06 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/Saxon-HE-11.4.jar 17:03:06 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/snakeyaml-1.33.jar 17:03:06 [INFO] Executed tasks 17:03:06 [INFO] 17:03:06 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.shared --- 17:03:06 [INFO] Executing tasks 17:03:11 [INFO] Executed tasks 17:03:11 [INFO] 17:03:11 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.shared --- 17:03:11 [INFO] Checking for updates 17:03:11 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:03:11 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:03:11 [INFO] Check for updates complete (69 ms) 17:03:11 [INFO] 17:03:11 17:03:11 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:03:11 17:03:11 17:03:11 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:03:11 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:03:11 17:03:11 💖 Sponsor: https://github.com/sponsors/jeremylong 17:03:11 17:03:11 17:03:11 [INFO] Analysis Started 17:03:12 [INFO] Finished Archive Analyzer (1 seconds) 17:03:12 [INFO] Finished File Name Analyzer (0 seconds) 17:03:13 [INFO] Finished Jar Analyzer (0 seconds) 17:03:13 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:03:13 [INFO] Finished Hint Analyzer (0 seconds) 17:03:13 [INFO] Finished Version Filter Analyzer (0 seconds) 17:03:14 [INFO] Created CPE Index (1 seconds) 17:03:15 [INFO] Finished CPE Analyzer (2 seconds) 17:03:15 [INFO] Finished False Positive Analyzer (0 seconds) 17:03:15 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:03:15 [INFO] Finished RetireJS Analyzer (0 seconds) 17:03:15 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:03:15 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:03:15 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:03:15 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:03:15 17:03:15 17:03:15 ## Recommendation 17:03:15 17:03:15 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:03:15 17:03:15 The following template can be used to demonstrate the vulnerability: 17:03:15 ```{{#with "constructor"}} 17:03:15 {{#with split as |a|}} 17:03:15 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:03:15 {{#with (concat (lookup join (slice 0 1)))}} 17:03:15 {{#each (slice 2 3)}} 17:03:15 {{#with (apply 0 a)}} 17:03:15 {{.}} 17:03:15 {{/with}} 17:03:15 {{/each}} 17:03:15 {{/with}} 17:03:15 {{/with}} 17:03:15 {{/with}}``` 17:03:15 17:03:15 17:03:15 ## Recommendation 17:03:15 17:03:15 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:15 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:03:15 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:03:15 [INFO] Analysis Complete (3 seconds) 17:03:15 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:03:15 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:03:15 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:03:15 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:03:15 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:03:15 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:03:15 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:03:15 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:03:15 [INFO] 17:03:15 [INFO] ---------------< org.openspcoop2:org.openspcoop2.spring >--------------- 17:03:15 [INFO] Building dependencies.spring 1.0 [28/69] 17:03:15 [INFO] --------------------------------[ pom ]--------------------------------- 17:03:15 [INFO] 17:03:15 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.spring --- 17:03:15 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring (includes = [*.jar], excludes = []) 17:03:15 [INFO] 17:03:15 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring --- 17:03:15 [INFO] 17:03:15 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.spring --- 17:03:15 [INFO] Executing tasks 17:03:15 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-beans-5.3.39.jar 17:03:15 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-context-5.3.39.jar 17:03:15 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-context-support-5.3.39.jar 17:03:15 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-core-5.3.39.jar 17:03:15 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-expression-5.3.39.jar 17:03:15 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-web-5.3.39.jar 17:03:15 [INFO] Executed tasks 17:03:15 [INFO] 17:03:15 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.spring --- 17:03:15 [INFO] Executing tasks 17:03:20 [INFO] Executed tasks 17:03:20 [INFO] 17:03:20 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.spring --- 17:03:21 [INFO] Checking for updates 17:03:21 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:03:21 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:03:21 [INFO] Check for updates complete (81 ms) 17:03:21 [INFO] 17:03:21 17:03:21 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:03:21 17:03:21 17:03:21 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:03:21 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:03:21 17:03:21 💖 Sponsor: https://github.com/sponsors/jeremylong 17:03:21 17:03:21 17:03:21 [INFO] Analysis Started 17:03:21 [INFO] Finished Archive Analyzer (0 seconds) 17:03:21 [INFO] Finished File Name Analyzer (0 seconds) 17:03:21 [INFO] Finished Jar Analyzer (0 seconds) 17:03:21 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:03:21 [INFO] Finished Hint Analyzer (0 seconds) 17:03:21 [INFO] Finished Version Filter Analyzer (0 seconds) 17:03:23 [INFO] Created CPE Index (1 seconds) 17:03:23 [INFO] Finished CPE Analyzer (1 seconds) 17:03:23 [INFO] Finished False Positive Analyzer (0 seconds) 17:03:23 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:03:23 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:03:23 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:03:23 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:03:23 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:03:23 17:03:23 17:03:23 ## Recommendation 17:03:23 17:03:23 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:03:23 17:03:23 The following template can be used to demonstrate the vulnerability: 17:03:23 ```{{#with "constructor"}} 17:03:23 {{#with split as |a|}} 17:03:23 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:03:23 {{#with (concat (lookup join (slice 0 1)))}} 17:03:23 {{#each (slice 2 3)}} 17:03:23 {{#with (apply 0 a)}} 17:03:23 {{.}} 17:03:23 {{/with}} 17:03:23 {{/each}} 17:03:23 {{/with}} 17:03:23 {{/with}} 17:03:23 {{/with}}``` 17:03:23 17:03:23 17:03:23 ## Recommendation 17:03:23 17:03:23 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:23 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:23 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:03:23 [INFO] Analysis Complete (2 seconds) 17:03:23 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:03:23 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:03:23 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:03:23 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:03:23 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:03:23 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:03:23 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:03:23 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:03:23 [INFO] 17:03:23 [INFO] ------------< org.openspcoop2:org.openspcoop2.spring-ldap >------------- 17:03:23 [INFO] Building dependencies.spring-ldap 1.0 [29/69] 17:03:23 [INFO] --------------------------------[ pom ]--------------------------------- 17:03:23 [INFO] 17:03:23 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.spring-ldap --- 17:03:23 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-ldap (includes = [*.jar], excludes = []) 17:03:23 [INFO] 17:03:23 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-ldap --- 17:03:23 [INFO] 17:03:23 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.spring-ldap --- 17:03:23 [INFO] Executing tasks 17:03:28 [INFO] Executed tasks 17:03:28 [INFO] 17:03:28 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.spring-ldap --- 17:03:28 [INFO] Checking for updates 17:03:28 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:03:28 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:03:28 [INFO] Check for updates complete (86 ms) 17:03:29 [INFO] 17:03:29 17:03:29 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:03:29 17:03:29 17:03:29 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:03:29 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:03:29 17:03:29 💖 Sponsor: https://github.com/sponsors/jeremylong 17:03:29 17:03:29 17:03:29 [INFO] Analysis Started 17:03:29 [INFO] Finished Archive Analyzer (0 seconds) 17:03:29 [INFO] Finished File Name Analyzer (0 seconds) 17:03:29 [INFO] Finished Jar Analyzer (0 seconds) 17:03:29 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:03:29 [INFO] Finished Hint Analyzer (0 seconds) 17:03:29 [INFO] Finished Version Filter Analyzer (0 seconds) 17:03:30 [INFO] Created CPE Index (1 seconds) 17:03:30 [INFO] Finished CPE Analyzer (1 seconds) 17:03:30 [INFO] Finished False Positive Analyzer (0 seconds) 17:03:30 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:03:30 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:03:30 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:03:30 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:03:30 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:03:30 17:03:30 17:03:30 ## Recommendation 17:03:30 17:03:30 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:03:30 17:03:30 The following template can be used to demonstrate the vulnerability: 17:03:30 ```{{#with "constructor"}} 17:03:30 {{#with split as |a|}} 17:03:30 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:03:30 {{#with (concat (lookup join (slice 0 1)))}} 17:03:30 {{#each (slice 2 3)}} 17:03:30 {{#with (apply 0 a)}} 17:03:30 {{.}} 17:03:30 {{/with}} 17:03:30 {{/each}} 17:03:30 {{/with}} 17:03:30 {{/with}} 17:03:30 {{/with}}``` 17:03:30 17:03:30 17:03:30 ## Recommendation 17:03:30 17:03:30 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:30 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:03:30 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:03:30 [INFO] Analysis Complete (1 seconds) 17:03:30 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:03:30 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:03:30 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:03:30 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:03:30 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:03:30 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:03:30 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:03:30 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:03:30 [INFO] 17:03:30 [INFO] ----------< org.openspcoop2:org.openspcoop2.spring-security >----------- 17:03:30 [INFO] Building dependencies.spring-security 1.0 [30/69] 17:03:30 [INFO] --------------------------------[ pom ]--------------------------------- 17:03:30 [INFO] 17:03:30 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.spring-security --- 17:03:30 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-security (includes = [*.jar], excludes = []) 17:03:30 [INFO] 17:03:30 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-security --- 17:03:31 [INFO] 17:03:31 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.spring-security --- 17:03:31 [INFO] Executing tasks 17:03:36 [INFO] Executed tasks 17:03:36 [INFO] 17:03:36 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.spring-security --- 17:03:36 [INFO] Checking for updates 17:03:36 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:03:36 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:03:36 [INFO] Check for updates complete (80 ms) 17:03:36 [INFO] 17:03:36 17:03:36 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:03:36 17:03:36 17:03:36 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:03:36 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:03:36 17:03:36 💖 Sponsor: https://github.com/sponsors/jeremylong 17:03:36 17:03:36 17:03:36 [INFO] Analysis Started 17:03:36 [INFO] Finished Archive Analyzer (0 seconds) 17:03:36 [INFO] Finished File Name Analyzer (0 seconds) 17:03:36 [INFO] Finished Jar Analyzer (0 seconds) 17:03:36 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:03:36 [INFO] Finished Hint Analyzer (0 seconds) 17:03:36 [INFO] Finished Version Filter Analyzer (0 seconds) 17:03:37 [INFO] Created CPE Index (1 seconds) 17:03:38 [INFO] Finished CPE Analyzer (1 seconds) 17:03:38 [INFO] Finished False Positive Analyzer (0 seconds) 17:03:38 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:03:38 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:03:38 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:03:38 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:03:38 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:03:38 17:03:38 17:03:38 ## Recommendation 17:03:38 17:03:38 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:03:38 17:03:38 The following template can be used to demonstrate the vulnerability: 17:03:38 ```{{#with "constructor"}} 17:03:38 {{#with split as |a|}} 17:03:38 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:03:38 {{#with (concat (lookup join (slice 0 1)))}} 17:03:38 {{#each (slice 2 3)}} 17:03:38 {{#with (apply 0 a)}} 17:03:38 {{.}} 17:03:38 {{/with}} 17:03:38 {{/each}} 17:03:38 {{/with}} 17:03:38 {{/with}} 17:03:38 {{/with}}``` 17:03:38 17:03:38 17:03:38 ## Recommendation 17:03:38 17:03:38 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:38 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:03:38 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:03:38 [INFO] Analysis Complete (1 seconds) 17:03:38 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:03:38 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:03:38 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:03:38 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:03:38 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:03:38 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:03:38 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:03:38 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:03:38 [INFO] 17:03:38 [INFO] --------------< org.openspcoop2:org.openspcoop2.swagger >--------------- 17:03:38 [INFO] Building dependencies.swagger 1.0 [31/69] 17:03:38 [INFO] --------------------------------[ pom ]--------------------------------- 17:03:38 [INFO] 17:03:38 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.swagger --- 17:03:38 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/swagger (includes = [*.jar], excludes = []) 17:03:38 [INFO] 17:03:38 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.swagger --- 17:03:38 [INFO] 17:03:38 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.swagger --- 17:03:38 [INFO] Executing tasks 17:03:38 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-v3-2.1.6.jar 17:03:38 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-request-validator-core-2.30.0.jar 17:03:38 [INFO] Executed tasks 17:03:38 [INFO] 17:03:38 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.swagger --- 17:03:38 [INFO] Executing tasks 17:03:43 [INFO] Executed tasks 17:03:43 [INFO] 17:03:43 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.swagger --- 17:03:43 [INFO] Checking for updates 17:03:43 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:03:43 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:03:43 [INFO] Check for updates complete (75 ms) 17:03:43 [INFO] 17:03:43 17:03:43 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:03:43 17:03:43 17:03:43 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:03:43 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:03:43 17:03:43 💖 Sponsor: https://github.com/sponsors/jeremylong 17:03:43 17:03:43 17:03:43 [INFO] Analysis Started 17:03:44 [INFO] Finished Archive Analyzer (0 seconds) 17:03:44 [INFO] Finished File Name Analyzer (0 seconds) 17:03:44 [INFO] Finished Jar Analyzer (0 seconds) 17:03:44 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:03:44 [INFO] Finished Hint Analyzer (0 seconds) 17:03:44 [INFO] Finished Version Filter Analyzer (0 seconds) 17:03:45 [INFO] Created CPE Index (1 seconds) 17:03:45 [INFO] Finished CPE Analyzer (1 seconds) 17:03:45 [INFO] Finished False Positive Analyzer (0 seconds) 17:03:45 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:03:54 [INFO] Finished RetireJS Analyzer (8 seconds) 17:03:54 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:03:54 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:03:54 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:03:54 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:03:54 17:03:54 17:03:54 ## Recommendation 17:03:54 17:03:54 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:03:54 17:03:54 The following template can be used to demonstrate the vulnerability: 17:03:54 ```{{#with "constructor"}} 17:03:54 {{#with split as |a|}} 17:03:54 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:03:54 {{#with (concat (lookup join (slice 0 1)))}} 17:03:54 {{#each (slice 2 3)}} 17:03:54 {{#with (apply 0 a)}} 17:03:54 {{.}} 17:03:54 {{/with}} 17:03:54 {{/each}} 17:03:54 {{/with}} 17:03:54 {{/with}} 17:03:54 {{/with}}``` 17:03:54 17:03:54 17:03:54 ## Recommendation 17:03:54 17:03:54 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:03:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:03:54 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:03:54 [INFO] Analysis Complete (10 seconds) 17:03:54 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:03:54 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:03:54 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:03:54 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:03:54 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:03:54 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:03:54 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:03:54 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:03:54 [INFO] 17:03:54 [INFO] ----------------< org.openspcoop2:org.openspcoop2.wadl >---------------- 17:03:54 [INFO] Building dependencies.wadl 1.0 [32/69] 17:03:54 [INFO] --------------------------------[ pom ]--------------------------------- 17:03:54 [INFO] 17:03:54 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.wadl --- 17:03:54 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wadl (includes = [*.jar], excludes = []) 17:03:54 [INFO] 17:03:54 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wadl --- 17:03:54 [INFO] 17:03:54 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.wadl --- 17:03:54 [INFO] Executing tasks 17:03:59 [INFO] Executed tasks 17:03:59 [INFO] 17:03:59 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.wadl --- 17:03:59 [INFO] Checking for updates 17:03:59 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:03:59 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:03:59 [INFO] Check for updates complete (80 ms) 17:03:59 [INFO] 17:03:59 17:03:59 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:03:59 17:03:59 17:03:59 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:03:59 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:03:59 17:03:59 💖 Sponsor: https://github.com/sponsors/jeremylong 17:03:59 17:03:59 17:03:59 [INFO] Analysis Started 17:03:59 [INFO] Finished Archive Analyzer (0 seconds) 17:03:59 [INFO] Finished File Name Analyzer (0 seconds) 17:03:59 [INFO] Finished Jar Analyzer (0 seconds) 17:03:59 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:03:59 [INFO] Finished Hint Analyzer (0 seconds) 17:03:59 [INFO] Finished Version Filter Analyzer (0 seconds) 17:04:01 [INFO] Created CPE Index (1 seconds) 17:04:01 [INFO] Finished CPE Analyzer (1 seconds) 17:04:01 [INFO] Finished False Positive Analyzer (0 seconds) 17:04:01 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:04:01 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:04:01 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:04:01 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:04:01 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:04:01 17:04:01 17:04:01 ## Recommendation 17:04:01 17:04:01 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:04:01 17:04:01 The following template can be used to demonstrate the vulnerability: 17:04:01 ```{{#with "constructor"}} 17:04:01 {{#with split as |a|}} 17:04:01 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:04:01 {{#with (concat (lookup join (slice 0 1)))}} 17:04:01 {{#each (slice 2 3)}} 17:04:01 {{#with (apply 0 a)}} 17:04:01 {{.}} 17:04:01 {{/with}} 17:04:01 {{/each}} 17:04:01 {{/with}} 17:04:01 {{/with}} 17:04:01 {{/with}}``` 17:04:01 17:04:01 17:04:01 ## Recommendation 17:04:01 17:04:01 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:01 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:04:01 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:04:01 [INFO] Analysis Complete (1 seconds) 17:04:01 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:04:01 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:04:01 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:04:01 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:04:01 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:04:01 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:04:01 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:04:01 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:04:01 [INFO] 17:04:01 [INFO] ---------------< org.openspcoop2:org.openspcoop2.wss4j >---------------- 17:04:01 [INFO] Building dependencies.wss4j 1.0 [33/69] 17:04:01 [INFO] --------------------------------[ pom ]--------------------------------- 17:04:01 [INFO] 17:04:01 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.wss4j --- 17:04:01 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wss4j (includes = [*.jar], excludes = []) 17:04:01 [INFO] 17:04:01 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wss4j --- 17:04:01 [INFO] 17:04:01 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.wss4j --- 17:04:01 [INFO] Executing tasks 17:04:01 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-common-2.4.1.jar 17:04:01 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-dom-2.4.1.jar 17:04:01 [INFO] Executed tasks 17:04:01 [INFO] 17:04:01 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.wss4j --- 17:04:01 [INFO] Executing tasks 17:04:06 [INFO] Executed tasks 17:04:06 [INFO] 17:04:06 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.wss4j --- 17:04:06 [INFO] Checking for updates 17:04:06 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:04:06 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:04:06 [INFO] Check for updates complete (72 ms) 17:04:06 [INFO] 17:04:06 17:04:06 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:04:06 17:04:06 17:04:06 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:04:06 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:04:06 17:04:06 💖 Sponsor: https://github.com/sponsors/jeremylong 17:04:06 17:04:06 17:04:06 [INFO] Analysis Started 17:04:06 [INFO] Finished Archive Analyzer (0 seconds) 17:04:06 [INFO] Finished File Name Analyzer (0 seconds) 17:04:06 [INFO] Finished Jar Analyzer (0 seconds) 17:04:06 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:04:06 [INFO] Finished Hint Analyzer (0 seconds) 17:04:06 [INFO] Finished Version Filter Analyzer (0 seconds) 17:04:08 [INFO] Created CPE Index (1 seconds) 17:04:08 [INFO] Finished CPE Analyzer (1 seconds) 17:04:08 [INFO] Finished False Positive Analyzer (0 seconds) 17:04:08 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:04:08 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:04:08 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:04:08 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:04:08 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:04:08 17:04:08 17:04:08 ## Recommendation 17:04:08 17:04:08 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:04:08 17:04:08 The following template can be used to demonstrate the vulnerability: 17:04:08 ```{{#with "constructor"}} 17:04:08 {{#with split as |a|}} 17:04:08 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:04:08 {{#with (concat (lookup join (slice 0 1)))}} 17:04:08 {{#each (slice 2 3)}} 17:04:08 {{#with (apply 0 a)}} 17:04:08 {{.}} 17:04:08 {{/with}} 17:04:08 {{/each}} 17:04:08 {{/with}} 17:04:08 {{/with}} 17:04:08 {{/with}}``` 17:04:08 17:04:08 17:04:08 ## Recommendation 17:04:08 17:04:08 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-35116, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:04:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:04:08 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:04:08 [INFO] Analysis Complete (1 seconds) 17:04:08 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:04:08 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:04:08 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:04:08 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:04:08 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:04:08 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:04:08 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:04:08 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:04:08 [INFO] 17:04:08 [INFO] -------------< org.openspcoop2:org.openspcoop2.testsuite >-------------- 17:04:08 [INFO] Building dependencies.testsuite 1.0 [34/69] 17:04:08 [INFO] --------------------------------[ pom ]--------------------------------- 17:04:08 [INFO] 17:04:08 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite --- 17:04:08 [INFO] Executing tasks 17:04:13 [INFO] Executed tasks 17:04:13 [INFO] 17:04:13 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite --- 17:04:13 [INFO] Checking for updates 17:04:13 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:04:13 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:04:13 [INFO] Check for updates complete (73 ms) 17:04:14 [INFO] 17:04:14 17:04:14 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:04:14 17:04:14 17:04:14 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:04:14 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:04:14 17:04:14 💖 Sponsor: https://github.com/sponsors/jeremylong 17:04:14 17:04:14 17:04:14 [INFO] Analysis Started 17:04:14 [INFO] Finished File Name Analyzer (0 seconds) 17:04:14 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:04:14 [INFO] Finished Hint Analyzer (0 seconds) 17:04:14 [INFO] Finished Version Filter Analyzer (0 seconds) 17:04:15 [INFO] Created CPE Index (1 seconds) 17:04:15 [INFO] Finished CPE Analyzer (1 seconds) 17:04:15 [INFO] Finished False Positive Analyzer (0 seconds) 17:04:15 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:04:15 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:04:15 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:04:15 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:04:15 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:04:15 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:04:15 [INFO] Analysis Complete (1 seconds) 17:04:15 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:04:15 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:04:15 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:04:15 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:04:15 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:04:15 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:04:15 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:04:15 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:04:15 [INFO] 17:04:15 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.axis14 >---------- 17:04:15 [INFO] Building dependencies.testsuite.axis14 1.0 [35/69] 17:04:15 [INFO] --------------------------------[ pom ]--------------------------------- 17:04:15 [INFO] 17:04:15 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.axis14 --- 17:04:15 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/axis14 (includes = [*.jar], excludes = []) 17:04:15 [INFO] 17:04:15 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.axis14 --- 17:04:15 [INFO] 17:04:15 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.axis14 --- 17:04:15 [INFO] Executing tasks 17:04:15 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-1.4.jar 17:04:15 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-jaxrpc-1.4.jar 17:04:15 [INFO] Executed tasks 17:04:15 [INFO] 17:04:15 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.axis14 --- 17:04:15 [INFO] Executing tasks 17:04:20 [INFO] Executed tasks 17:04:20 [INFO] 17:04:20 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.axis14 --- 17:04:20 [INFO] Checking for updates 17:04:20 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:04:20 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:04:20 [INFO] Check for updates complete (77 ms) 17:04:20 [INFO] 17:04:20 17:04:20 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:04:20 17:04:20 17:04:20 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:04:20 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:04:20 17:04:20 💖 Sponsor: https://github.com/sponsors/jeremylong 17:04:20 17:04:20 17:04:20 [INFO] Analysis Started 17:04:20 [INFO] Finished File Name Analyzer (0 seconds) 17:04:20 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:04:20 [INFO] Finished Hint Analyzer (0 seconds) 17:04:20 [INFO] Finished Version Filter Analyzer (0 seconds) 17:04:22 [INFO] Created CPE Index (1 seconds) 17:04:22 [INFO] Finished CPE Analyzer (1 seconds) 17:04:22 [INFO] Finished False Positive Analyzer (0 seconds) 17:04:22 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:04:22 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:04:22 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:04:22 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:04:22 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:04:22 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:04:22 [INFO] Analysis Complete (1 seconds) 17:04:22 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 17:04:22 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 17:04:22 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 17:04:22 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 17:04:22 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 17:04:22 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 17:04:22 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 17:04:22 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 17:04:22 [INFO] 17:04:22 [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.applicationServer >----- 17:04:22 [INFO] Building dependencies.testsuite.as 1.0 [36/69] 17:04:22 [INFO] --------------------------------[ pom ]--------------------------------- 17:04:22 [INFO] 17:04:22 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer --- 17:04:22 [INFO] Executing tasks 17:04:27 [INFO] Executed tasks 17:04:27 [INFO] 17:04:27 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer --- 17:04:27 [INFO] Checking for updates 17:04:27 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:04:27 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:04:27 [INFO] Check for updates complete (67 ms) 17:04:28 [INFO] 17:04:28 17:04:28 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:04:28 17:04:28 17:04:28 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:04:28 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:04:28 17:04:28 💖 Sponsor: https://github.com/sponsors/jeremylong 17:04:28 17:04:28 17:04:28 [INFO] Analysis Started 17:04:28 [INFO] Finished File Name Analyzer (0 seconds) 17:04:28 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:04:28 [INFO] Finished Hint Analyzer (0 seconds) 17:04:28 [INFO] Finished Version Filter Analyzer (0 seconds) 17:04:29 [INFO] Created CPE Index (1 seconds) 17:04:29 [INFO] Finished CPE Analyzer (1 seconds) 17:04:29 [INFO] Finished False Positive Analyzer (0 seconds) 17:04:29 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:04:29 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:04:29 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:04:29 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:04:29 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:04:29 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:04:29 [INFO] Analysis Complete (1 seconds) 17:04:29 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 17:04:29 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 17:04:29 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 17:04:29 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 17:04:29 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 17:04:29 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 17:04:29 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 17:04:29 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 17:04:29 [INFO] 17:04:29 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly9 >-- 17:04:29 [INFO] Building dependencies.testsuite.as.wildfly9 1.0 [37/69] 17:04:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:04:29 [INFO] 17:04:29 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 17:04:29 [INFO] 17:04:29 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 17:04:29 [INFO] org.wildfly:wildfly-client-all:jar:9.0.0.Final already exists in destination. 17:04:29 [INFO] 17:04:29 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 17:04:29 [INFO] Executing tasks 17:04:34 [INFO] Executed tasks 17:04:34 [INFO] 17:04:34 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 17:04:34 [INFO] Checking for updates 17:04:34 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:04:34 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:04:34 [INFO] Check for updates complete (83 ms) 17:04:34 [INFO] 17:04:34 17:04:34 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:04:34 17:04:34 17:04:34 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:04:34 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:04:34 17:04:34 💖 Sponsor: https://github.com/sponsors/jeremylong 17:04:34 17:04:34 17:04:34 [INFO] Analysis Started 17:04:34 [INFO] Finished File Name Analyzer (0 seconds) 17:04:34 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:04:34 [INFO] Finished Hint Analyzer (0 seconds) 17:04:34 [INFO] Finished Version Filter Analyzer (0 seconds) 17:04:36 [INFO] Created CPE Index (1 seconds) 17:04:36 [INFO] Finished CPE Analyzer (1 seconds) 17:04:36 [INFO] Finished False Positive Analyzer (0 seconds) 17:04:36 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:04:36 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:04:36 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:04:36 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:04:36 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:04:36 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:04:36 [INFO] Analysis Complete (1 seconds) 17:04:36 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:04:36 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:04:36 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:04:36 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:04:36 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:04:36 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:04:36 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:04:36 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:04:36 [INFO] 17:04:36 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly10 >-- 17:04:36 [INFO] Building dependencies.testsuite.as.wildfly10 1.0 [38/69] 17:04:36 [INFO] --------------------------------[ pom ]--------------------------------- 17:04:36 [INFO] 17:04:36 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 17:04:36 [INFO] 17:04:36 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 17:04:36 [INFO] org.wildfly:wildfly-client-all:jar:10.0.0.Final already exists in destination. 17:04:36 [INFO] 17:04:36 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 17:04:36 [INFO] Executing tasks 17:04:41 [INFO] Executed tasks 17:04:41 [INFO] 17:04:41 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 17:04:41 [INFO] Checking for updates 17:04:41 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:04:41 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:04:41 [INFO] Check for updates complete (79 ms) 17:04:42 [INFO] 17:04:42 17:04:42 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:04:42 17:04:42 17:04:42 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:04:42 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:04:42 17:04:42 💖 Sponsor: https://github.com/sponsors/jeremylong 17:04:42 17:04:42 17:04:42 [INFO] Analysis Started 17:04:42 [INFO] Finished File Name Analyzer (0 seconds) 17:04:42 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:04:42 [INFO] Finished Hint Analyzer (0 seconds) 17:04:42 [INFO] Finished Version Filter Analyzer (0 seconds) 17:04:43 [INFO] Created CPE Index (1 seconds) 17:04:43 [INFO] Finished CPE Analyzer (1 seconds) 17:04:43 [INFO] Finished False Positive Analyzer (0 seconds) 17:04:43 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:04:43 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:04:43 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:04:43 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:04:43 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:04:43 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:04:43 [INFO] Analysis Complete (1 seconds) 17:04:43 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:04:43 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:04:43 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:04:43 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:04:43 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:04:43 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:04:43 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:04:43 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:04:43 [INFO] 17:04:43 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly11 >-- 17:04:43 [INFO] Building dependencies.testsuite.as.wildfly11 1.0 [39/69] 17:04:43 [INFO] --------------------------------[ pom ]--------------------------------- 17:04:43 [INFO] 17:04:43 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly11 --- 17:04:43 [INFO] 17:04:43 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly11 --- 17:04:43 [INFO] org.wildfly:wildfly-client-all:jar:11.0.0.Final already exists in destination. 17:04:43 [INFO] 17:04:43 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly11 --- 17:04:43 [INFO] Executing tasks 17:04:48 [INFO] Executed tasks 17:04:48 [INFO] 17:04:48 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly11 --- 17:04:48 [INFO] Checking for updates 17:04:48 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:04:48 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:04:48 [INFO] Check for updates complete (85 ms) 17:04:49 [INFO] 17:04:49 17:04:49 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:04:49 17:04:49 17:04:49 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:04:49 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:04:49 17:04:49 💖 Sponsor: https://github.com/sponsors/jeremylong 17:04:49 17:04:49 17:04:49 [INFO] Analysis Started 17:04:49 [INFO] Finished File Name Analyzer (0 seconds) 17:04:49 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:04:49 [INFO] Finished Hint Analyzer (0 seconds) 17:04:49 [INFO] Finished Version Filter Analyzer (0 seconds) 17:04:50 [INFO] Created CPE Index (1 seconds) 17:04:50 [INFO] Finished CPE Analyzer (1 seconds) 17:04:50 [INFO] Finished False Positive Analyzer (0 seconds) 17:04:50 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:04:50 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:04:50 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:04:50 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:04:50 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:04:50 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:04:50 [INFO] Analysis Complete (1 seconds) 17:04:50 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:04:50 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:04:50 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:04:50 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:04:50 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:04:50 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:04:50 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:04:50 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:04:50 [INFO] 17:04:50 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly12 >-- 17:04:50 [INFO] Building dependencies.testsuite.as.wildfly12 1.0 [40/69] 17:04:50 [INFO] --------------------------------[ pom ]--------------------------------- 17:04:50 [INFO] 17:04:50 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly12 --- 17:04:50 [INFO] 17:04:50 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly12 --- 17:04:50 [INFO] org.wildfly:wildfly-client-all:jar:12.0.0.Final already exists in destination. 17:04:50 [INFO] javax.json:javax.json-api:jar:1.1.2 already exists in destination. 17:04:50 [INFO] 17:04:50 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly12 --- 17:04:50 [INFO] Executing tasks 17:04:55 [INFO] Executed tasks 17:04:55 [INFO] 17:04:55 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly12 --- 17:04:55 [INFO] Checking for updates 17:04:55 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:04:55 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:04:55 [INFO] Check for updates complete (79 ms) 17:04:56 [INFO] 17:04:56 17:04:56 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:04:56 17:04:56 17:04:56 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:04:56 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:04:56 17:04:56 💖 Sponsor: https://github.com/sponsors/jeremylong 17:04:56 17:04:56 17:04:56 [INFO] Analysis Started 17:04:56 [INFO] Finished File Name Analyzer (0 seconds) 17:04:56 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:04:56 [INFO] Finished Hint Analyzer (0 seconds) 17:04:56 [INFO] Finished Version Filter Analyzer (0 seconds) 17:04:57 [INFO] Created CPE Index (1 seconds) 17:04:57 [INFO] Finished CPE Analyzer (1 seconds) 17:04:57 [INFO] Finished False Positive Analyzer (0 seconds) 17:04:57 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:04:57 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:04:57 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:04:57 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:04:57 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:04:57 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:04:57 [INFO] Analysis Complete (1 seconds) 17:04:57 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:04:57 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:04:57 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:04:57 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:04:57 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:04:57 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:04:57 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:04:57 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:04:57 [INFO] 17:04:57 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly13 >-- 17:04:57 [INFO] Building dependencies.testsuite.as.wildfly13 1.0 [41/69] 17:04:57 [INFO] --------------------------------[ pom ]--------------------------------- 17:04:57 [INFO] 17:04:57 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly13 --- 17:04:57 [INFO] 17:04:57 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly13 --- 17:04:57 [INFO] org.wildfly:wildfly-client-all:jar:13.0.0.Final already exists in destination. 17:04:57 [INFO] javax.json:javax.json-api:jar:1.1.2 already exists in destination. 17:04:57 [INFO] 17:04:57 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly13 --- 17:04:57 [INFO] Executing tasks 17:05:02 [INFO] Executed tasks 17:05:02 [INFO] 17:05:02 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly13 --- 17:05:02 [INFO] Checking for updates 17:05:02 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:05:02 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:05:02 [INFO] Check for updates complete (75 ms) 17:05:03 [INFO] 17:05:03 17:05:03 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:05:03 17:05:03 17:05:03 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:05:03 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:05:03 17:05:03 💖 Sponsor: https://github.com/sponsors/jeremylong 17:05:03 17:05:03 17:05:03 [INFO] Analysis Started 17:05:03 [INFO] Finished File Name Analyzer (0 seconds) 17:05:03 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:05:03 [INFO] Finished Hint Analyzer (0 seconds) 17:05:03 [INFO] Finished Version Filter Analyzer (0 seconds) 17:05:04 [INFO] Created CPE Index (1 seconds) 17:05:04 [INFO] Finished CPE Analyzer (1 seconds) 17:05:04 [INFO] Finished False Positive Analyzer (0 seconds) 17:05:04 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:05:04 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:05:04 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:05:04 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:05:04 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:05:04 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:05:04 [INFO] Analysis Complete (1 seconds) 17:05:04 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:05:04 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:05:04 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:05:04 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:05:04 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:05:04 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:05:04 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:05:04 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:05:04 [INFO] 17:05:04 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly14 >-- 17:05:04 [INFO] Building dependencies.testsuite.as.wildfly14 1.0 [42/69] 17:05:04 [INFO] --------------------------------[ pom ]--------------------------------- 17:05:04 [INFO] 17:05:04 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly14 --- 17:05:04 [INFO] 17:05:04 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly14 --- 17:05:04 [INFO] org.wildfly:wildfly-client-all:jar:14.0.0.Final already exists in destination. 17:05:04 [INFO] 17:05:04 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly14 --- 17:05:04 [INFO] Executing tasks 17:05:09 [INFO] Executed tasks 17:05:09 [INFO] 17:05:09 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly14 --- 17:05:09 [INFO] Checking for updates 17:05:09 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:05:10 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:05:10 [INFO] Check for updates complete (91 ms) 17:05:10 [INFO] 17:05:10 17:05:10 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:05:10 17:05:10 17:05:10 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:05:10 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:05:10 17:05:10 💖 Sponsor: https://github.com/sponsors/jeremylong 17:05:10 17:05:10 17:05:10 [INFO] Analysis Started 17:05:10 [INFO] Finished File Name Analyzer (0 seconds) 17:05:10 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:05:10 [INFO] Finished Hint Analyzer (0 seconds) 17:05:10 [INFO] Finished Version Filter Analyzer (0 seconds) 17:05:11 [INFO] Created CPE Index (1 seconds) 17:05:11 [INFO] Finished CPE Analyzer (1 seconds) 17:05:11 [INFO] Finished False Positive Analyzer (0 seconds) 17:05:11 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:05:11 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:05:11 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:05:11 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:05:11 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:05:11 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:05:11 [INFO] Analysis Complete (1 seconds) 17:05:11 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:05:11 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:05:11 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:05:11 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:05:11 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:05:11 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:05:11 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:05:11 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:05:11 [INFO] 17:05:11 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly15 >-- 17:05:11 [INFO] Building dependencies.testsuite.as.wildfly15 1.0 [43/69] 17:05:11 [INFO] --------------------------------[ pom ]--------------------------------- 17:05:11 [INFO] 17:05:11 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly15 --- 17:05:11 [INFO] 17:05:11 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly15 --- 17:05:11 [INFO] org.wildfly:wildfly-client-all:jar:15.0.0.Final already exists in destination. 17:05:11 [INFO] 17:05:11 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly15 --- 17:05:11 [INFO] Executing tasks 17:05:16 [INFO] Executed tasks 17:05:16 [INFO] 17:05:16 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly15 --- 17:05:16 [INFO] Checking for updates 17:05:16 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:05:16 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:05:16 [INFO] Check for updates complete (76 ms) 17:05:17 [INFO] 17:05:17 17:05:17 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:05:17 17:05:17 17:05:17 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:05:17 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:05:17 17:05:17 💖 Sponsor: https://github.com/sponsors/jeremylong 17:05:17 17:05:17 17:05:17 [INFO] Analysis Started 17:05:17 [INFO] Finished File Name Analyzer (0 seconds) 17:05:17 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:05:17 [INFO] Finished Hint Analyzer (0 seconds) 17:05:17 [INFO] Finished Version Filter Analyzer (0 seconds) 17:05:18 [INFO] Created CPE Index (1 seconds) 17:05:18 [INFO] Finished CPE Analyzer (1 seconds) 17:05:18 [INFO] Finished False Positive Analyzer (0 seconds) 17:05:18 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:05:18 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:05:18 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:05:18 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:05:18 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:05:18 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:05:18 [INFO] Analysis Complete (1 seconds) 17:05:18 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:05:18 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:05:18 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:05:18 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:05:18 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:05:18 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:05:18 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:05:18 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:05:18 [INFO] 17:05:18 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly16 >-- 17:05:18 [INFO] Building dependencies.testsuite.as.wildfly16 1.0 [44/69] 17:05:18 [INFO] --------------------------------[ pom ]--------------------------------- 17:05:18 [INFO] 17:05:18 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly16 --- 17:05:18 [INFO] 17:05:18 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly16 --- 17:05:18 [INFO] org.wildfly:wildfly-client-all:jar:16.0.0.Final already exists in destination. 17:05:18 [INFO] 17:05:18 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly16 --- 17:05:18 [INFO] Executing tasks 17:05:23 [INFO] Executed tasks 17:05:23 [INFO] 17:05:23 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly16 --- 17:05:23 [INFO] Checking for updates 17:05:23 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:05:23 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:05:23 [INFO] Check for updates complete (78 ms) 17:05:24 [INFO] 17:05:24 17:05:24 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:05:24 17:05:24 17:05:24 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:05:24 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:05:24 17:05:24 💖 Sponsor: https://github.com/sponsors/jeremylong 17:05:24 17:05:24 17:05:24 [INFO] Analysis Started 17:05:24 [INFO] Finished File Name Analyzer (0 seconds) 17:05:24 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:05:24 [INFO] Finished Hint Analyzer (0 seconds) 17:05:24 [INFO] Finished Version Filter Analyzer (0 seconds) 17:05:25 [INFO] Created CPE Index (1 seconds) 17:05:25 [INFO] Finished CPE Analyzer (1 seconds) 17:05:25 [INFO] Finished False Positive Analyzer (0 seconds) 17:05:25 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:05:25 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:05:25 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:05:25 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:05:25 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:05:25 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:05:25 [INFO] Analysis Complete (1 seconds) 17:05:25 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:05:25 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:05:25 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:05:25 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:05:25 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:05:25 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:05:25 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:05:25 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:05:25 [INFO] 17:05:25 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly17 >-- 17:05:25 [INFO] Building dependencies.testsuite.as.wildfly17 1.0 [45/69] 17:05:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:05:26 [INFO] 17:05:26 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly17 --- 17:05:26 [INFO] 17:05:26 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly17 --- 17:05:26 [INFO] org.wildfly:wildfly-client-all:jar:17.0.0.Final already exists in destination. 17:05:26 [INFO] 17:05:26 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly17 --- 17:05:26 [INFO] Executing tasks 17:05:31 [INFO] Executed tasks 17:05:31 [INFO] 17:05:31 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly17 --- 17:05:31 [INFO] Checking for updates 17:05:31 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:05:31 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:05:31 [INFO] Check for updates complete (70 ms) 17:05:31 [INFO] 17:05:31 17:05:31 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:05:31 17:05:31 17:05:31 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:05:31 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:05:31 17:05:31 💖 Sponsor: https://github.com/sponsors/jeremylong 17:05:31 17:05:31 17:05:31 [INFO] Analysis Started 17:05:31 [INFO] Finished File Name Analyzer (0 seconds) 17:05:31 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:05:31 [INFO] Finished Hint Analyzer (0 seconds) 17:05:31 [INFO] Finished Version Filter Analyzer (0 seconds) 17:05:32 [INFO] Created CPE Index (1 seconds) 17:05:32 [INFO] Finished CPE Analyzer (1 seconds) 17:05:32 [INFO] Finished False Positive Analyzer (0 seconds) 17:05:32 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:05:32 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:05:32 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:05:32 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:05:32 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:05:32 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:05:32 [INFO] Analysis Complete (1 seconds) 17:05:32 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:05:32 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:05:32 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:05:32 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:05:32 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:05:32 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:05:32 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:05:32 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:05:32 [INFO] 17:05:32 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly18 >-- 17:05:32 [INFO] Building dependencies.testsuite.as.wildfly18 1.0 [46/69] 17:05:32 [INFO] --------------------------------[ pom ]--------------------------------- 17:05:32 [INFO] 17:05:32 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly18 --- 17:05:32 [INFO] 17:05:32 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly18 --- 17:05:32 [INFO] org.wildfly:wildfly-client-all:jar:18.0.0.Final already exists in destination. 17:05:32 [INFO] 17:05:32 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly18 --- 17:05:32 [INFO] Executing tasks 17:05:37 [INFO] Executed tasks 17:05:37 [INFO] 17:05:37 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly18 --- 17:05:37 [INFO] Checking for updates 17:05:37 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:05:38 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:05:38 [INFO] Check for updates complete (142 ms) 17:05:38 [INFO] 17:05:38 17:05:38 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:05:38 17:05:38 17:05:38 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:05:38 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:05:38 17:05:38 💖 Sponsor: https://github.com/sponsors/jeremylong 17:05:38 17:05:38 17:05:38 [INFO] Analysis Started 17:05:38 [INFO] Finished File Name Analyzer (0 seconds) 17:05:38 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:05:38 [INFO] Finished Hint Analyzer (0 seconds) 17:05:38 [INFO] Finished Version Filter Analyzer (0 seconds) 17:05:39 [INFO] Created CPE Index (1 seconds) 17:05:40 [INFO] Finished CPE Analyzer (1 seconds) 17:05:40 [INFO] Finished False Positive Analyzer (0 seconds) 17:05:40 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:05:40 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:05:40 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:05:40 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:05:40 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:05:40 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:05:40 [INFO] Analysis Complete (1 seconds) 17:05:40 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:05:40 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:05:40 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:05:40 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:05:40 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:05:40 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:05:40 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:05:40 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:05:40 [INFO] 17:05:40 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly19 >-- 17:05:40 [INFO] Building dependencies.testsuite.as.wildfly19 1.0 [47/69] 17:05:40 [INFO] --------------------------------[ pom ]--------------------------------- 17:05:40 [INFO] 17:05:40 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly19 --- 17:05:40 [INFO] 17:05:40 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly19 --- 17:05:40 [INFO] org.wildfly:wildfly-client-all:jar:19.0.0.Final already exists in destination. 17:05:40 [INFO] 17:05:40 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly19 --- 17:05:40 [INFO] Executing tasks 17:05:45 [INFO] Executed tasks 17:05:45 [INFO] 17:05:45 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly19 --- 17:05:45 [INFO] Checking for updates 17:05:45 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:05:45 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:05:45 [INFO] Check for updates complete (81 ms) 17:05:45 [INFO] 17:05:45 17:05:45 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:05:45 17:05:45 17:05:45 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:05:45 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:05:45 17:05:45 💖 Sponsor: https://github.com/sponsors/jeremylong 17:05:45 17:05:45 17:05:45 [INFO] Analysis Started 17:05:45 [INFO] Finished File Name Analyzer (0 seconds) 17:05:45 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:05:45 [INFO] Finished Hint Analyzer (0 seconds) 17:05:45 [INFO] Finished Version Filter Analyzer (0 seconds) 17:05:47 [INFO] Created CPE Index (1 seconds) 17:05:47 [INFO] Finished CPE Analyzer (1 seconds) 17:05:47 [INFO] Finished False Positive Analyzer (0 seconds) 17:05:47 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:05:47 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:05:47 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:05:47 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:05:47 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:05:47 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:05:47 [INFO] Analysis Complete (1 seconds) 17:05:47 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:05:47 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:05:47 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:05:47 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:05:47 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:05:47 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:05:47 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:05:47 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:05:47 [INFO] 17:05:47 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly20 >-- 17:05:47 [INFO] Building dependencies.testsuite.as.wildfly20 1.0 [48/69] 17:05:47 [INFO] --------------------------------[ pom ]--------------------------------- 17:05:47 [INFO] 17:05:47 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly20 --- 17:05:47 [INFO] 17:05:47 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly20 --- 17:05:47 [INFO] org.wildfly:wildfly-client-all:jar:20.0.0.Final already exists in destination. 17:05:47 [INFO] 17:05:47 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly20 --- 17:05:47 [INFO] Executing tasks 17:05:52 [INFO] Executed tasks 17:05:52 [INFO] 17:05:52 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly20 --- 17:05:52 [INFO] Checking for updates 17:05:52 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:05:52 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:05:52 [INFO] Check for updates complete (87 ms) 17:05:52 [INFO] 17:05:52 17:05:52 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:05:52 17:05:52 17:05:52 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:05:52 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:05:52 17:05:52 💖 Sponsor: https://github.com/sponsors/jeremylong 17:05:52 17:05:52 17:05:52 [INFO] Analysis Started 17:05:52 [INFO] Finished File Name Analyzer (0 seconds) 17:05:52 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:05:52 [INFO] Finished Hint Analyzer (0 seconds) 17:05:52 [INFO] Finished Version Filter Analyzer (0 seconds) 17:05:54 [INFO] Created CPE Index (1 seconds) 17:05:54 [INFO] Finished CPE Analyzer (1 seconds) 17:05:54 [INFO] Finished False Positive Analyzer (0 seconds) 17:05:54 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:05:54 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:05:54 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:05:54 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:05:54 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:05:54 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:05:54 [INFO] Analysis Complete (1 seconds) 17:05:54 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:05:54 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:05:54 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:05:54 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:05:54 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:05:54 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:05:54 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:05:54 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:05:54 [INFO] 17:05:54 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly21 >-- 17:05:54 [INFO] Building dependencies.testsuite.as.wildfly21 1.0 [49/69] 17:05:54 [INFO] --------------------------------[ pom ]--------------------------------- 17:05:54 [INFO] 17:05:54 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly21 --- 17:05:54 [INFO] 17:05:54 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly21 --- 17:05:54 [INFO] org.wildfly:wildfly-client-all:jar:21.0.0.Final already exists in destination. 17:05:54 [INFO] 17:05:54 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly21 --- 17:05:54 [INFO] Executing tasks 17:05:59 [INFO] Executed tasks 17:05:59 [INFO] 17:05:59 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly21 --- 17:05:59 [INFO] Checking for updates 17:05:59 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:05:59 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:05:59 [INFO] Check for updates complete (101 ms) 17:06:00 [INFO] 17:06:00 17:06:00 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:06:00 17:06:00 17:06:00 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:06:00 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:06:00 17:06:00 💖 Sponsor: https://github.com/sponsors/jeremylong 17:06:00 17:06:00 17:06:00 [INFO] Analysis Started 17:06:00 [INFO] Finished File Name Analyzer (0 seconds) 17:06:00 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:06:00 [INFO] Finished Hint Analyzer (0 seconds) 17:06:00 [INFO] Finished Version Filter Analyzer (0 seconds) 17:06:01 [INFO] Created CPE Index (1 seconds) 17:06:01 [INFO] Finished CPE Analyzer (1 seconds) 17:06:01 [INFO] Finished False Positive Analyzer (0 seconds) 17:06:01 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:06:01 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:06:01 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:06:01 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:06:01 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:06:01 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:06:01 [INFO] Analysis Complete (1 seconds) 17:06:01 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:06:01 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:06:01 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:06:01 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:06:01 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:06:01 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:06:01 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:06:01 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:06:01 [INFO] 17:06:01 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly22 >-- 17:06:01 [INFO] Building dependencies.testsuite.as.wildfly22 1.0 [50/69] 17:06:01 [INFO] --------------------------------[ pom ]--------------------------------- 17:06:01 [INFO] 17:06:01 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly22 --- 17:06:01 [INFO] 17:06:01 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly22 --- 17:06:01 [INFO] org.wildfly:wildfly-client-all:jar:22.0.0.Final already exists in destination. 17:06:01 [INFO] 17:06:01 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly22 --- 17:06:01 [INFO] Executing tasks 17:06:06 [INFO] Executed tasks 17:06:06 [INFO] 17:06:06 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly22 --- 17:06:06 [INFO] Checking for updates 17:06:06 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:06:06 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:06:06 [INFO] Check for updates complete (71 ms) 17:06:07 [INFO] 17:06:07 17:06:07 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:06:07 17:06:07 17:06:07 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:06:07 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:06:07 17:06:07 💖 Sponsor: https://github.com/sponsors/jeremylong 17:06:07 17:06:07 17:06:07 [INFO] Analysis Started 17:06:07 [INFO] Finished File Name Analyzer (0 seconds) 17:06:07 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:06:07 [INFO] Finished Hint Analyzer (0 seconds) 17:06:07 [INFO] Finished Version Filter Analyzer (0 seconds) 17:06:08 [INFO] Created CPE Index (1 seconds) 17:06:08 [INFO] Finished CPE Analyzer (1 seconds) 17:06:08 [INFO] Finished False Positive Analyzer (0 seconds) 17:06:08 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:06:08 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:06:08 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:06:08 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:06:08 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:06:08 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:06:08 [INFO] Analysis Complete (1 seconds) 17:06:08 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:06:08 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:06:08 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:06:08 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:06:08 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:06:08 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:06:08 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:06:08 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:06:08 [INFO] 17:06:08 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly23 >-- 17:06:08 [INFO] Building dependencies.testsuite.as.wildfly23 1.0 [51/69] 17:06:08 [INFO] --------------------------------[ pom ]--------------------------------- 17:06:08 [INFO] 17:06:08 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly23 --- 17:06:08 [INFO] 17:06:08 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly23 --- 17:06:08 [INFO] org.wildfly:wildfly-client-all:jar:23.0.0.Final already exists in destination. 17:06:08 [INFO] 17:06:08 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly23 --- 17:06:08 [INFO] Executing tasks 17:06:13 [INFO] Executed tasks 17:06:13 [INFO] 17:06:13 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly23 --- 17:06:13 [INFO] Checking for updates 17:06:13 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:06:13 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:06:13 [INFO] Check for updates complete (69 ms) 17:06:13 [INFO] 17:06:13 17:06:13 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:06:13 17:06:13 17:06:13 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:06:13 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:06:13 17:06:13 💖 Sponsor: https://github.com/sponsors/jeremylong 17:06:13 17:06:13 17:06:13 [INFO] Analysis Started 17:06:13 [INFO] Finished File Name Analyzer (0 seconds) 17:06:13 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:06:13 [INFO] Finished Hint Analyzer (0 seconds) 17:06:13 [INFO] Finished Version Filter Analyzer (0 seconds) 17:06:15 [INFO] Created CPE Index (1 seconds) 17:06:15 [INFO] Finished CPE Analyzer (1 seconds) 17:06:15 [INFO] Finished False Positive Analyzer (0 seconds) 17:06:15 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:06:15 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:06:15 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:06:15 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:06:15 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:06:15 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:06:15 [INFO] Analysis Complete (1 seconds) 17:06:15 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:06:15 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:06:15 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:06:15 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:06:15 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:06:15 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:06:15 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:06:15 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:06:15 [INFO] 17:06:15 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly24 >-- 17:06:15 [INFO] Building dependencies.testsuite.as.wildfly24 1.0 [52/69] 17:06:15 [INFO] --------------------------------[ pom ]--------------------------------- 17:06:15 [INFO] 17:06:15 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly24 --- 17:06:15 [INFO] 17:06:15 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly24 --- 17:06:15 [INFO] org.wildfly:wildfly-client-all:jar:24.0.0.Final already exists in destination. 17:06:15 [INFO] 17:06:15 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly24 --- 17:06:15 [INFO] Executing tasks 17:06:20 [INFO] Executed tasks 17:06:20 [INFO] 17:06:20 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly24 --- 17:06:20 [INFO] Checking for updates 17:06:20 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:06:20 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:06:20 [INFO] Check for updates complete (77 ms) 17:06:20 [INFO] 17:06:20 17:06:20 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:06:20 17:06:20 17:06:20 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:06:20 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:06:20 17:06:20 💖 Sponsor: https://github.com/sponsors/jeremylong 17:06:20 17:06:20 17:06:20 [INFO] Analysis Started 17:06:20 [INFO] Finished File Name Analyzer (0 seconds) 17:06:20 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:06:20 [INFO] Finished Hint Analyzer (0 seconds) 17:06:20 [INFO] Finished Version Filter Analyzer (0 seconds) 17:06:22 [INFO] Created CPE Index (1 seconds) 17:06:22 [INFO] Finished CPE Analyzer (1 seconds) 17:06:22 [INFO] Finished False Positive Analyzer (0 seconds) 17:06:22 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:06:22 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:06:22 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:06:22 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:06:22 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:06:22 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:06:22 [INFO] Analysis Complete (1 seconds) 17:06:22 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:06:22 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:06:22 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:06:22 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:06:22 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:06:22 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:06:22 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:06:22 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:06:22 [INFO] 17:06:22 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly25 >-- 17:06:22 [INFO] Building dependencies.testsuite.as.wildfly25 1.0 [53/69] 17:06:22 [INFO] --------------------------------[ pom ]--------------------------------- 17:06:22 [INFO] 17:06:22 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly25 --- 17:06:22 [INFO] 17:06:22 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly25 --- 17:06:22 [INFO] org.wildfly:wildfly-client-all:jar:25.0.0.Final already exists in destination. 17:06:22 [INFO] 17:06:22 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly25 --- 17:06:22 [INFO] Executing tasks 17:06:27 [INFO] Executed tasks 17:06:27 [INFO] 17:06:27 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly25 --- 17:06:27 [INFO] Checking for updates 17:06:27 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:06:27 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:06:27 [INFO] Check for updates complete (68 ms) 17:06:28 [INFO] 17:06:28 17:06:28 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:06:28 17:06:28 17:06:28 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:06:28 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:06:28 17:06:28 💖 Sponsor: https://github.com/sponsors/jeremylong 17:06:28 17:06:28 17:06:28 [INFO] Analysis Started 17:06:28 [INFO] Finished File Name Analyzer (0 seconds) 17:06:28 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:06:28 [INFO] Finished Hint Analyzer (0 seconds) 17:06:28 [INFO] Finished Version Filter Analyzer (0 seconds) 17:06:29 [INFO] Created CPE Index (1 seconds) 17:06:29 [INFO] Finished CPE Analyzer (1 seconds) 17:06:29 [INFO] Finished False Positive Analyzer (0 seconds) 17:06:29 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:06:29 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:06:29 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:06:29 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:06:29 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:06:29 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:06:29 [INFO] Analysis Complete (1 seconds) 17:06:29 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:06:29 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:06:29 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:06:29 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:06:29 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:06:29 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:06:29 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:06:29 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:06:29 [INFO] 17:06:29 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly26 >-- 17:06:29 [INFO] Building dependencies.testsuite.as.wildfly26 1.0 [54/69] 17:06:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:06:29 [INFO] 17:06:29 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly26 --- 17:06:29 [INFO] 17:06:29 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly26 --- 17:06:29 [INFO] org.wildfly:wildfly-client-all:jar:26.0.0.Final already exists in destination. 17:06:29 [INFO] 17:06:29 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly26 --- 17:06:29 [INFO] Executing tasks 17:06:34 [INFO] Executed tasks 17:06:34 [INFO] 17:06:34 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly26 --- 17:06:34 [INFO] Checking for updates 17:06:34 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:06:35 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:06:35 [INFO] Check for updates complete (87 ms) 17:06:35 [INFO] 17:06:35 17:06:35 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:06:35 17:06:35 17:06:35 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:06:35 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:06:35 17:06:35 💖 Sponsor: https://github.com/sponsors/jeremylong 17:06:35 17:06:35 17:06:35 [INFO] Analysis Started 17:06:35 [INFO] Finished File Name Analyzer (0 seconds) 17:06:35 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:06:35 [INFO] Finished Hint Analyzer (0 seconds) 17:06:35 [INFO] Finished Version Filter Analyzer (0 seconds) 17:06:36 [INFO] Created CPE Index (1 seconds) 17:06:36 [INFO] Finished CPE Analyzer (1 seconds) 17:06:36 [INFO] Finished False Positive Analyzer (0 seconds) 17:06:36 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:06:36 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:06:36 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:06:36 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:06:36 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:06:36 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:06:36 [INFO] Analysis Complete (1 seconds) 17:06:36 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:06:36 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:06:36 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:06:36 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:06:36 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:06:36 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:06:36 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:06:36 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:06:36 [INFO] 17:06:36 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat9 >-- 17:06:36 [INFO] Building dependencies.testsuite.as.tomcat9 1.0 [55/69] 17:06:36 [INFO] --------------------------------[ pom ]--------------------------------- 17:06:36 [INFO] 17:06:36 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat9 --- 17:06:36 [INFO] 17:06:36 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat9 --- 17:06:36 [INFO] org.apache.tomcat:tomcat-catalina:jar:9.0.98 already exists in destination. 17:06:36 [INFO] org.apache.tomcat:tomcat-juli:jar:9.0.98 already exists in destination. 17:06:36 [INFO] 17:06:36 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.tomcat9 --- 17:06:36 [INFO] Executing tasks 17:06:41 [INFO] Executed tasks 17:06:41 [INFO] 17:06:41 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.tomcat9 --- 17:06:41 [INFO] Checking for updates 17:06:41 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:06:41 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:06:41 [INFO] Check for updates complete (72 ms) 17:06:42 [INFO] 17:06:42 17:06:42 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:06:42 17:06:42 17:06:42 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:06:42 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:06:42 17:06:42 💖 Sponsor: https://github.com/sponsors/jeremylong 17:06:42 17:06:42 17:06:42 [INFO] Analysis Started 17:06:42 [INFO] Finished File Name Analyzer (0 seconds) 17:06:42 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:06:42 [INFO] Finished Hint Analyzer (0 seconds) 17:06:42 [INFO] Finished Version Filter Analyzer (0 seconds) 17:06:43 [INFO] Created CPE Index (1 seconds) 17:06:43 [INFO] Finished CPE Analyzer (1 seconds) 17:06:43 [INFO] Finished False Positive Analyzer (0 seconds) 17:06:43 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:06:43 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:06:43 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:06:43 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:06:43 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:06:43 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:06:43 [INFO] Analysis Complete (1 seconds) 17:06:43 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:06:43 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:06:44 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:06:44 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:06:44 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:06:44 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:06:44 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:06:44 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:06:44 [INFO] 17:06:44 [INFO] -----------< org.openspcoop2:org.openspcoop2.testsuite.test >----------- 17:06:44 [INFO] Building dependencies.testsuite.test 1.0 [56/69] 17:06:44 [INFO] --------------------------------[ pom ]--------------------------------- 17:06:44 [INFO] 17:06:44 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test --- 17:06:44 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite (includes = [*.jar], excludes = []) 17:06:44 [INFO] 17:06:44 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test --- 17:06:44 [INFO] 17:06:44 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.test --- 17:06:44 [INFO] Executing tasks 17:06:44 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/testsuite/apacheds-all-2.0.0.AM27.jar 17:06:44 [INFO] Executed tasks 17:06:44 [INFO] 17:06:44 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.test --- 17:06:44 [INFO] Executing tasks 17:06:49 [INFO] Executed tasks 17:06:49 [INFO] 17:06:49 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.test --- 17:06:49 [INFO] Checking for updates 17:06:49 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:06:49 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:06:49 [INFO] Check for updates complete (75 ms) 17:06:49 [INFO] 17:06:49 17:06:49 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:06:49 17:06:49 17:06:49 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:06:49 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:06:49 17:06:49 💖 Sponsor: https://github.com/sponsors/jeremylong 17:06:49 17:06:49 17:06:49 [INFO] Analysis Started 17:06:49 [INFO] Finished File Name Analyzer (0 seconds) 17:06:49 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:06:49 [INFO] Finished Hint Analyzer (0 seconds) 17:06:49 [INFO] Finished Version Filter Analyzer (0 seconds) 17:06:50 [INFO] Created CPE Index (1 seconds) 17:06:51 [INFO] Finished CPE Analyzer (1 seconds) 17:06:51 [INFO] Finished False Positive Analyzer (0 seconds) 17:06:51 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:06:51 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:06:51 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:06:51 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:06:51 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:06:51 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:06:51 [INFO] Analysis Complete (1 seconds) 17:06:51 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 17:06:51 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 17:06:51 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 17:06:51 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 17:06:51 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 17:06:51 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 17:06:51 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 17:06:51 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 17:06:51 [INFO] 17:06:51 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.staticAnalysis >------ 17:06:51 [INFO] Building dependencies.testsuite.staticAnalysis 1.0 [57/69] 17:06:51 [INFO] --------------------------------[ pom ]--------------------------------- 17:06:51 [INFO] 17:06:51 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.staticAnalysis --- 17:06:51 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/staticAnalysis (includes = [*.jar], excludes = []) 17:06:51 [INFO] 17:06:51 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.staticAnalysis --- 17:06:51 [INFO] 17:06:51 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.staticAnalysis --- 17:06:51 [INFO] Executing tasks 17:06:56 [INFO] Executed tasks 17:06:56 [INFO] 17:06:56 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.staticAnalysis --- 17:06:56 [INFO] Checking for updates 17:06:56 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:06:56 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:06:56 [INFO] Check for updates complete (68 ms) 17:06:56 [INFO] 17:06:56 17:06:56 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:06:56 17:06:56 17:06:56 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:06:56 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:06:56 17:06:56 💖 Sponsor: https://github.com/sponsors/jeremylong 17:06:56 17:06:56 17:06:56 [INFO] Analysis Started 17:06:56 [INFO] Finished File Name Analyzer (0 seconds) 17:06:56 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:06:56 [INFO] Finished Hint Analyzer (0 seconds) 17:06:56 [INFO] Finished Version Filter Analyzer (0 seconds) 17:06:57 [INFO] Created CPE Index (1 seconds) 17:06:58 [INFO] Finished CPE Analyzer (1 seconds) 17:06:58 [INFO] Finished False Positive Analyzer (0 seconds) 17:06:58 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:06:58 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:06:58 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:06:58 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:06:58 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:06:58 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:06:58 [INFO] Analysis Complete (1 seconds) 17:06:58 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 17:06:58 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 17:06:58 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 17:06:58 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 17:06:58 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 17:06:58 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 17:06:58 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 17:06:58 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 17:06:58 [INFO] 17:06:58 [INFO] -----< org.openspcoop2:org.openspcoop2.testsuite.dynamicAnalysis >------ 17:06:58 [INFO] Building dependencies.testsuite.dynamicAnalysis 1.0 [58/69] 17:06:58 [INFO] --------------------------------[ pom ]--------------------------------- 17:06:58 [INFO] 17:06:58 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.dynamicAnalysis --- 17:06:58 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/dynamicAnalysis (includes = [*.jar], excludes = []) 17:06:58 [INFO] 17:06:58 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.dynamicAnalysis --- 17:06:58 [INFO] 17:06:58 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.dynamicAnalysis --- 17:06:58 [INFO] Executing tasks 17:07:03 [INFO] Executed tasks 17:07:03 [INFO] 17:07:03 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.dynamicAnalysis --- 17:07:03 [INFO] Checking for updates 17:07:03 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:07:03 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:07:03 [INFO] Check for updates complete (71 ms) 17:07:03 [INFO] 17:07:03 17:07:03 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:07:03 17:07:03 17:07:03 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:07:03 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:07:03 17:07:03 💖 Sponsor: https://github.com/sponsors/jeremylong 17:07:03 17:07:03 17:07:03 [INFO] Analysis Started 17:07:03 [INFO] Finished File Name Analyzer (0 seconds) 17:07:03 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:07:03 [INFO] Finished Hint Analyzer (0 seconds) 17:07:03 [INFO] Finished Version Filter Analyzer (0 seconds) 17:07:04 [INFO] Created CPE Index (1 seconds) 17:07:04 [INFO] Finished CPE Analyzer (1 seconds) 17:07:04 [INFO] Finished False Positive Analyzer (0 seconds) 17:07:04 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:07:04 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:07:04 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:07:04 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:07:04 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:07:04 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:07:04 [INFO] Analysis Complete (1 seconds) 17:07:04 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 17:07:04 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 17:07:04 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 17:07:04 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 17:07:04 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 17:07:04 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 17:07:04 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 17:07:04 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 17:07:05 [INFO] 17:07:05 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.coverage >--------- 17:07:05 [INFO] Building dependencies.testsuite.coverage 1.0 [59/69] 17:07:05 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:05 [INFO] 17:07:05 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.coverage --- 17:07:05 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/coverage (includes = [*.jar], excludes = []) 17:07:05 [INFO] 17:07:05 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.coverage --- 17:07:05 [INFO] 17:07:05 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.coverage --- 17:07:05 [INFO] Executing tasks 17:07:10 [INFO] Executed tasks 17:07:10 [INFO] 17:07:10 [INFO] --- dependency-check-maven:11.1.1:aggregate (check owasp) @ org.openspcoop2.testsuite.coverage --- 17:07:10 [INFO] Checking for updates 17:07:10 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:07:10 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:07:10 [INFO] Check for updates complete (73 ms) 17:07:10 [INFO] 17:07:10 17:07:10 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:07:10 17:07:10 17:07:10 About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html 17:07:10 False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html 17:07:10 17:07:10 💖 Sponsor: https://github.com/sponsors/jeremylong 17:07:10 17:07:10 17:07:10 [INFO] Analysis Started 17:07:10 [INFO] Finished File Name Analyzer (0 seconds) 17:07:10 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:07:10 [INFO] Finished Hint Analyzer (0 seconds) 17:07:10 [INFO] Finished Version Filter Analyzer (0 seconds) 17:07:11 [INFO] Created CPE Index (1 seconds) 17:07:11 [INFO] Finished CPE Analyzer (1 seconds) 17:07:11 [INFO] Finished False Positive Analyzer (0 seconds) 17:07:11 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:07:11 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:07:11 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:07:11 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:07:11 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:07:11 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:07:11 [INFO] Analysis Complete (1 seconds) 17:07:11 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 17:07:11 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 17:07:11 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 17:07:11 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 17:07:11 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 17:07:11 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 17:07:11 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 17:07:11 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 17:07:11 [INFO] 17:07:11 [INFO] --------------< org.openspcoop2:org.openspcoop2.compile >--------------- 17:07:11 [INFO] Building compile 1.0 [60/69] 17:07:11 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:11 [INFO] 17:07:11 [INFO] --------------< org.openspcoop2:org.openspcoop2.package >--------------- 17:07:11 [INFO] Building package 1.0 [61/69] 17:07:11 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:11 [INFO] 17:07:11 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.utils >----------- 17:07:11 [INFO] Building testsuite.utils 1.0 [62/69] 17:07:11 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:11 [INFO] 17:07:11 [INFO] --------< org.openspcoop2:org.openspcoop2.testsuite.utils.sql >--------- 17:07:11 [INFO] Building testsuite.utils.sql 1.0 [63/69] 17:07:11 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:11 [INFO] 17:07:11 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core >--------- 17:07:11 [INFO] Building testsuite.pdd.core 1.0 [64/69] 17:07:11 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:11 [INFO] 17:07:11 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core.sql >------- 17:07:11 [INFO] Building testsuite.pdd.core.sql 1.0 [65/69] 17:07:11 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:11 [INFO] 17:07:11 [INFO] ------< org.openspcoop2:org.openspcoop2.static_analysis.spotbugs >------ 17:07:11 [INFO] Building static_analysis.spotbugs 1.0 [66/69] 17:07:11 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:11 [INFO] 17:07:11 [INFO] -----< org.openspcoop2:org.openspcoop2.static_analysis.sonarqube >------ 17:07:11 [INFO] Building static_analysis.sonarqube 1.0 [67/69] 17:07:11 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:11 [INFO] 17:07:11 [INFO] --------< org.openspcoop2:org.openspcoop2.dynamic_analysis.zap >-------- 17:07:11 [INFO] Building dynamic_analysis.zap 1.0 [68/69] 17:07:11 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:11 [INFO] 17:07:11 [INFO] ----------< org.openspcoop2:org.openspcoop2.coverage.jacoco >----------- 17:07:11 [INFO] Building coverage.jacoco 1.0 [69/69] 17:07:11 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:11 [INFO] ------------------------------------------------------------------------ 17:07:11 [INFO] Reactor Summary for govway 1.0: 17:07:11 [INFO] 17:07:11 [INFO] govway ............................................. SUCCESS [ 0.004 s] 17:07:11 [INFO] dependencies ....................................... SUCCESS [ 58.436 s] 17:07:11 [INFO] dependencies.ant ................................... SUCCESS [ 8.446 s] 17:07:11 [INFO] dependencies.antinstaller .......................... SUCCESS [ 8.218 s] 17:07:11 [INFO] dependencies.axiom ................................. SUCCESS [ 8.025 s] 17:07:11 [INFO] dependencies.bean-validation ....................... SUCCESS [ 7.653 s] 17:07:11 [INFO] dependencies.cxf ................................... SUCCESS [ 8.850 s] 17:07:11 [INFO] dependencies.commons ............................... SUCCESS [ 9.417 s] 17:07:11 [INFO] dependencies.faces ................................. SUCCESS [ 18.653 s] 17:07:11 [INFO] dependencies.git ................................... SUCCESS [ 7.389 s] 17:07:11 [INFO] dependencies.httpcore .............................. SUCCESS [ 7.563 s] 17:07:11 [INFO] dependencies.jackson ............................... SUCCESS [ 7.375 s] 17:07:11 [INFO] dependencies.javax ................................. SUCCESS [ 7.599 s] 17:07:11 [INFO] dependencies.jax ................................... SUCCESS [ 8.223 s] 17:07:11 [INFO] dependencies.jetty ................................. SUCCESS [ 7.392 s] 17:07:11 [INFO] dependencies.jminix ................................ SUCCESS [ 9.362 s] 17:07:11 [INFO] dependencies.json .................................. SUCCESS [ 7.520 s] 17:07:11 [INFO] dependencies.log ................................... SUCCESS [ 7.093 s] 17:07:11 [INFO] dependencies.lucene ................................ SUCCESS [ 7.488 s] 17:07:11 [INFO] dependencies.openapi4j ............................. SUCCESS [ 7.283 s] 17:07:11 [INFO] dependencies.opensaml .............................. SUCCESS [ 7.430 s] 17:07:11 [INFO] dependencies.pdf ................................... SUCCESS [ 7.366 s] 17:07:11 [INFO] dependencies.redis ................................. SUCCESS [ 7.488 s] 17:07:11 [INFO] dependencies.reports ............................... SUCCESS [ 7.244 s] 17:07:11 [INFO] dependencies.saaj .................................. SUCCESS [ 7.110 s] 17:07:11 [INFO] dependencies.security .............................. SUCCESS [ 7.601 s] 17:07:11 [INFO] dependencies.shared ................................ SUCCESS [ 9.687 s] 17:07:11 [INFO] dependencies.spring ................................ SUCCESS [ 7.883 s] 17:07:11 [INFO] dependencies.spring-ldap ........................... SUCCESS [ 7.265 s] 17:07:11 [INFO] dependencies.spring-security ....................... SUCCESS [ 7.428 s] 17:07:11 [INFO] dependencies.swagger ............................... SUCCESS [ 15.767 s] 17:07:11 [INFO] dependencies.wadl .................................. SUCCESS [ 7.107 s] 17:07:11 [INFO] dependencies.wss4j ................................. SUCCESS [ 7.318 s] 17:07:11 [INFO] dependencies.testsuite ............................. SUCCESS [ 6.919 s] 17:07:11 [INFO] dependencies.testsuite.axis14 ...................... SUCCESS [ 7.203 s] 17:07:11 [INFO] dependencies.testsuite.as .......................... SUCCESS [ 6.830 s] 17:07:11 [INFO] dependencies.testsuite.as.wildfly9 ................. SUCCESS [ 7.005 s] 17:07:11 [INFO] dependencies.testsuite.as.wildfly10 ................ SUCCESS [ 6.927 s] 17:07:11 [INFO] dependencies.testsuite.as.wildfly11 ................ SUCCESS [ 7.129 s] 17:07:11 [INFO] dependencies.testsuite.as.wildfly12 ................ SUCCESS [ 7.116 s] 17:07:11 [INFO] dependencies.testsuite.as.wildfly13 ................ SUCCESS [ 7.106 s] 17:07:11 [INFO] dependencies.testsuite.as.wildfly14 ................ SUCCESS [ 6.858 s] 17:07:11 [INFO] dependencies.testsuite.as.wildfly15 ................ SUCCESS [ 6.870 s] 17:07:11 [INFO] dependencies.testsuite.as.wildfly16 ................ SUCCESS [ 7.423 s] 17:07:11 [INFO] dependencies.testsuite.as.wildfly17 ................ SUCCESS [ 6.767 s] 17:07:11 [INFO] dependencies.testsuite.as.wildfly18 ................ SUCCESS [ 7.653 s] 17:07:11 [INFO] dependencies.testsuite.as.wildfly19 ................ SUCCESS [ 7.046 s] 17:07:11 [INFO] dependencies.testsuite.as.wildfly20 ................ SUCCESS [ 7.106 s] 17:07:11 [INFO] dependencies.testsuite.as.wildfly21 ................ SUCCESS [ 7.099 s] 17:07:11 [INFO] dependencies.testsuite.as.wildfly22 ................ SUCCESS [ 6.908 s] 17:07:11 [INFO] dependencies.testsuite.as.wildfly23 ................ SUCCESS [ 6.893 s] 17:07:11 [INFO] dependencies.testsuite.as.wildfly24 ................ SUCCESS [ 7.299 s] 17:07:11 [INFO] dependencies.testsuite.as.wildfly25 ................ SUCCESS [ 7.071 s] 17:07:11 [INFO] dependencies.testsuite.as.wildfly26 ................ SUCCESS [ 6.882 s] 17:07:11 [INFO] dependencies.testsuite.as.tomcat9 .................. SUCCESS [ 7.377 s] 17:07:11 [INFO] dependencies.testsuite.test ........................ SUCCESS [ 7.060 s] 17:07:11 [INFO] dependencies.testsuite.staticAnalysis .............. SUCCESS [ 7.022 s] 17:07:11 [INFO] dependencies.testsuite.dynamicAnalysis ............. SUCCESS [ 6.819 s] 17:07:11 [INFO] dependencies.testsuite.coverage .................... SUCCESS [ 6.744 s] 17:07:11 [INFO] compile ............................................ SUCCESS [ 0.000 s] 17:07:11 [INFO] package ............................................ SUCCESS [ 0.001 s] 17:07:11 [INFO] testsuite.utils .................................... SUCCESS [ 0.000 s] 17:07:11 [INFO] testsuite.utils.sql ................................ SUCCESS [ 0.000 s] 17:07:11 [INFO] testsuite.pdd.core ................................. SUCCESS [ 0.001 s] 17:07:11 [INFO] testsuite.pdd.core.sql ............................. SUCCESS [ 0.001 s] 17:07:11 [INFO] static_analysis.spotbugs ........................... SUCCESS [ 0.000 s] 17:07:11 [INFO] static_analysis.sonarqube .......................... SUCCESS [ 0.000 s] 17:07:11 [INFO] dynamic_analysis.zap ............................... SUCCESS [ 0.001 s] 17:07:11 [INFO] coverage.jacoco .................................... SUCCESS [ 0.000 s] 17:07:11 [INFO] ------------------------------------------------------------------------ 17:07:11 [INFO] BUILD SUCCESS 17:07:11 [INFO] ------------------------------------------------------------------------ 17:07:11 [INFO] Total time: 08:22 min 17:07:11 [INFO] Finished at: 2025-01-08T17:07:11+01:00 17:07:11 [INFO] ------------------------------------------------------------------------ 17:07:12 [GovWay] $ /bin/bash /tmp/jenkins4880067262297288641.sh 17:07:12 Pubblicazione risultati dependency check ... 17:07:12 cp: cannot create directory ‘/opt/apache-tomcat-9.0.91/webapps/dependency-check/result’: No such file or directory 17:07:12 Pubblicazione risultati dependency check effettuata 17:07:12 Pubblicazione installer su risultati testsuite ... 17:07:12 Pubblicazione installer su risultati testsuite effettuata 17:07:12 [GovWay] $ /opt/apache-maven-3.6.3/bin/mvn -Dpackage=none -Dcompile=compile -Dowasp=none -Dtestsuite=none compile 17:07:14 [INFO] Scanning for projects... 17:07:14 [INFO] ------------------------------------------------------------------------ 17:07:14 [INFO] Reactor Build Order: 17:07:14 [INFO] 17:07:14 [INFO] govway [pom] 17:07:14 [INFO] dependencies [pom] 17:07:14 [INFO] dependencies.ant [pom] 17:07:14 [INFO] dependencies.antinstaller [pom] 17:07:14 [INFO] dependencies.axiom [pom] 17:07:14 [INFO] dependencies.bean-validation [pom] 17:07:14 [INFO] dependencies.cxf [pom] 17:07:14 [INFO] dependencies.commons [pom] 17:07:14 [INFO] dependencies.faces [pom] 17:07:14 [INFO] dependencies.git [pom] 17:07:14 [INFO] dependencies.httpcore [pom] 17:07:14 [INFO] dependencies.jackson [pom] 17:07:14 [INFO] dependencies.javax [pom] 17:07:14 [INFO] dependencies.jax [pom] 17:07:14 [INFO] dependencies.jetty [pom] 17:07:14 [INFO] dependencies.jminix [pom] 17:07:14 [INFO] dependencies.json [pom] 17:07:14 [INFO] dependencies.log [pom] 17:07:14 [INFO] dependencies.lucene [pom] 17:07:14 [INFO] dependencies.openapi4j [pom] 17:07:14 [INFO] dependencies.opensaml [pom] 17:07:14 [INFO] dependencies.pdf [pom] 17:07:14 [INFO] dependencies.redis [pom] 17:07:14 [INFO] dependencies.reports [pom] 17:07:14 [INFO] dependencies.saaj [pom] 17:07:14 [INFO] dependencies.security [pom] 17:07:14 [INFO] dependencies.shared [pom] 17:07:14 [INFO] dependencies.spring [pom] 17:07:14 [INFO] dependencies.spring-ldap [pom] 17:07:14 [INFO] dependencies.spring-security [pom] 17:07:14 [INFO] dependencies.swagger [pom] 17:07:14 [INFO] dependencies.wadl [pom] 17:07:14 [INFO] dependencies.wss4j [pom] 17:07:14 [INFO] dependencies.testsuite [pom] 17:07:14 [INFO] dependencies.testsuite.axis14 [pom] 17:07:14 [INFO] dependencies.testsuite.as [pom] 17:07:14 [INFO] dependencies.testsuite.as.wildfly9 [pom] 17:07:14 [INFO] dependencies.testsuite.as.wildfly10 [pom] 17:07:14 [INFO] dependencies.testsuite.as.wildfly11 [pom] 17:07:14 [INFO] dependencies.testsuite.as.wildfly12 [pom] 17:07:14 [INFO] dependencies.testsuite.as.wildfly13 [pom] 17:07:14 [INFO] dependencies.testsuite.as.wildfly14 [pom] 17:07:14 [INFO] dependencies.testsuite.as.wildfly15 [pom] 17:07:14 [INFO] dependencies.testsuite.as.wildfly16 [pom] 17:07:14 [INFO] dependencies.testsuite.as.wildfly17 [pom] 17:07:14 [INFO] dependencies.testsuite.as.wildfly18 [pom] 17:07:14 [INFO] dependencies.testsuite.as.wildfly19 [pom] 17:07:14 [INFO] dependencies.testsuite.as.wildfly20 [pom] 17:07:14 [INFO] dependencies.testsuite.as.wildfly21 [pom] 17:07:14 [INFO] dependencies.testsuite.as.wildfly22 [pom] 17:07:14 [INFO] dependencies.testsuite.as.wildfly23 [pom] 17:07:14 [INFO] dependencies.testsuite.as.wildfly24 [pom] 17:07:14 [INFO] dependencies.testsuite.as.wildfly25 [pom] 17:07:14 [INFO] dependencies.testsuite.as.wildfly26 [pom] 17:07:14 [INFO] dependencies.testsuite.as.tomcat9 [pom] 17:07:14 [INFO] dependencies.testsuite.test [pom] 17:07:14 [INFO] dependencies.testsuite.staticAnalysis [pom] 17:07:14 [INFO] dependencies.testsuite.dynamicAnalysis [pom] 17:07:14 [INFO] dependencies.testsuite.coverage [pom] 17:07:14 [INFO] compile [pom] 17:07:14 [INFO] package [pom] 17:07:14 [INFO] testsuite.utils [pom] 17:07:14 [INFO] testsuite.utils.sql [pom] 17:07:14 [INFO] testsuite.pdd.core [pom] 17:07:14 [INFO] testsuite.pdd.core.sql [pom] 17:07:14 [INFO] static_analysis.spotbugs [pom] 17:07:14 [INFO] static_analysis.sonarqube [pom] 17:07:14 [INFO] dynamic_analysis.zap [pom] 17:07:14 [INFO] coverage.jacoco [pom] 17:07:14 [INFO] 17:07:14 [INFO] ------------------< org.openspcoop2:org.openspcoop2 >------------------- 17:07:14 [INFO] Building govway 1.0 [1/69] 17:07:14 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:14 [INFO] 17:07:14 [INFO] ------------< org.openspcoop2:org.openspcoop2.dependencies >------------ 17:07:14 [INFO] Building dependencies 1.0 [2/69] 17:07:14 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:14 [INFO] 17:07:14 [INFO] ----------------< org.openspcoop2:org.openspcoop2.ant >----------------- 17:07:14 [INFO] Building dependencies.ant 1.0 [3/69] 17:07:14 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:15 [INFO] 17:07:15 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.ant --- 17:07:15 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/ant (includes = [*.jar], excludes = []) 17:07:15 [INFO] 17:07:15 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.ant --- 17:07:16 [INFO] 17:07:16 [INFO] ------------< org.openspcoop2:org.openspcoop2.antinstaller >------------ 17:07:16 [INFO] Building dependencies.antinstaller 1.0 [4/69] 17:07:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:16 [INFO] 17:07:16 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.antinstaller --- 17:07:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/antinstaller (includes = [*.jar], excludes = []) 17:07:16 [INFO] 17:07:16 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.antinstaller --- 17:07:16 [INFO] 17:07:16 [INFO] ---------------< org.openspcoop2:org.openspcoop2.axiom >---------------- 17:07:16 [INFO] Building dependencies.axiom 1.0 [5/69] 17:07:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:16 [INFO] 17:07:16 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.axiom --- 17:07:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/axiom (includes = [*.jar], excludes = []) 17:07:16 [INFO] 17:07:16 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.axiom --- 17:07:16 [INFO] 17:07:16 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.axiom --- 17:07:16 [INFO] Executing tasks 17:07:16 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-api-1.2.13.jar 17:07:16 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-dom-1.2.13.jar 17:07:16 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-impl-1.2.13.jar 17:07:16 [INFO] Executed tasks 17:07:16 [INFO] 17:07:16 [INFO] ----------< org.openspcoop2:org.openspcoop2.bean-validation >----------- 17:07:16 [INFO] Building dependencies.bean-validation 1.0 [6/69] 17:07:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:16 [INFO] 17:07:16 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.bean-validation --- 17:07:16 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/bean-validation (includes = [*.jar], excludes = []) 17:07:16 [INFO] 17:07:16 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.bean-validation --- 17:07:16 [INFO] 17:07:16 [INFO] ----------------< org.openspcoop2:org.openspcoop2.cxf >----------------- 17:07:16 [INFO] Building dependencies.cxf 1.0 [7/69] 17:07:16 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:17 [INFO] 17:07:17 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.cxf --- 17:07:17 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/cxf (includes = [*.jar], excludes = []) 17:07:17 [INFO] 17:07:17 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.cxf --- 17:07:17 [INFO] 17:07:17 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.cxf --- 17:07:17 [INFO] Executing tasks 17:07:17 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-core-3.6.4.jar 17:07:17 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-3.6.4.jar 17:07:17 [INFO] Executed tasks 17:07:17 [INFO] 17:07:17 [INFO] --------------< org.openspcoop2:org.openspcoop2.commons >--------------- 17:07:17 [INFO] Building dependencies.commons 1.0 [8/69] 17:07:17 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:17 [INFO] 17:07:17 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.commons --- 17:07:17 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/commons (includes = [*.jar], excludes = []) 17:07:17 [INFO] 17:07:17 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.commons --- 17:07:17 [INFO] 17:07:17 [INFO] ---------------< org.openspcoop2:org.openspcoop2.faces >---------------- 17:07:17 [INFO] Building dependencies.faces 1.0 [9/69] 17:07:17 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:17 [INFO] 17:07:17 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.faces --- 17:07:17 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/faces (includes = [*.jar], excludes = []) 17:07:17 [INFO] 17:07:17 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.faces --- 17:07:17 [INFO] 17:07:17 [INFO] ----------------< org.openspcoop2:org.openspcoop2.git >----------------- 17:07:17 [INFO] Building dependencies.git 1.0 [10/69] 17:07:17 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:17 [INFO] 17:07:17 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.git --- 17:07:17 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/git (includes = [*.jar], excludes = []) 17:07:17 [INFO] 17:07:17 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.git --- 17:07:17 [INFO] 17:07:17 [INFO] --------------< org.openspcoop2:org.openspcoop2.httpcore >-------------- 17:07:17 [INFO] Building dependencies.httpcore 1.0 [11/69] 17:07:17 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:17 [INFO] 17:07:17 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.httpcore --- 17:07:17 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/httpcore (includes = [*.jar], excludes = []) 17:07:17 [INFO] 17:07:17 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.httpcore --- 17:07:17 [INFO] 17:07:17 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.httpcore --- 17:07:17 [INFO] Executing tasks 17:07:17 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpcore-ab-4.4.15.jar 17:07:17 [INFO] Executed tasks 17:07:17 [INFO] 17:07:17 [INFO] --------------< org.openspcoop2:org.openspcoop2.jackson >--------------- 17:07:17 [INFO] Building dependencies.jackson 1.0 [12/69] 17:07:17 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:17 [INFO] 17:07:17 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jackson --- 17:07:17 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jackson (includes = [*.jar], excludes = []) 17:07:17 [INFO] 17:07:17 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jackson --- 17:07:17 [INFO] 17:07:17 [INFO] ---------------< org.openspcoop2:org.openspcoop2.javax >---------------- 17:07:17 [INFO] Building dependencies.javax 1.0 [13/69] 17:07:17 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:17 [INFO] 17:07:17 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.javax --- 17:07:17 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/javax (includes = [*.jar], excludes = []) 17:07:17 [INFO] 17:07:17 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.javax --- 17:07:17 [INFO] 17:07:17 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jax >----------------- 17:07:17 [INFO] Building dependencies.jax 1.0 [14/69] 17:07:17 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:17 [INFO] 17:07:17 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jax --- 17:07:17 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jax (includes = [*.jar], excludes = []) 17:07:17 [INFO] 17:07:17 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jax --- 17:07:17 [INFO] 17:07:17 [INFO] --- copy-rename-maven-plugin:1.0:rename (rename-file) @ org.openspcoop2.jax --- 17:07:18 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/jax/jsr181-api-1.0-MR1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxws-jsr181-api-2.3.1.jar 17:07:18 [INFO] 17:07:18 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.jax --- 17:07:18 [INFO] Executing tasks 17:07:18 [INFO] Executed tasks 17:07:18 [INFO] 17:07:18 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jetty >---------------- 17:07:18 [INFO] Building dependencies.jetty 1.0 [15/69] 17:07:18 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jetty --- 17:07:18 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jetty (includes = [*.jar], excludes = []) 17:07:18 [INFO] 17:07:18 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jetty --- 17:07:18 [INFO] 17:07:18 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jminix >--------------- 17:07:18 [INFO] Building dependencies.jminix 1.0 [16/69] 17:07:18 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jminix --- 17:07:18 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jminix (includes = [*.jar], excludes = []) 17:07:18 [INFO] 17:07:18 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jminix --- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.jminix --- 17:07:18 [INFO] Executing tasks 17:07:18 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/jminix/jminix-1.2.0.jar 17:07:18 [INFO] Executed tasks 17:07:18 [INFO] 17:07:18 [INFO] ----------------< org.openspcoop2:org.openspcoop2.json >---------------- 17:07:18 [INFO] Building dependencies.json 1.0 [17/69] 17:07:18 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.json --- 17:07:18 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/json (includes = [*.jar], excludes = []) 17:07:18 [INFO] 17:07:18 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.json --- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.json --- 17:07:18 [INFO] Executing tasks 17:07:18 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-path-2.9.0.jar 17:07:18 [INFO] Executed tasks 17:07:18 [INFO] 17:07:18 [INFO] --- copy-rename-maven-plugin:1.0:rename (rename-file) @ org.openspcoop2.json --- 17:07:18 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.0.73.jar to /var/lib/jenkins/workspace/GovWay/lib/json/networknt_json-schema-validator-1.0.73.jar 17:07:18 [INFO] 17:07:18 [INFO] ----------------< org.openspcoop2:org.openspcoop2.log >----------------- 17:07:18 [INFO] Building dependencies.log 1.0 [18/69] 17:07:18 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.log --- 17:07:18 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/log (includes = [*.jar], excludes = []) 17:07:18 [INFO] 17:07:18 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.log --- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.log --- 17:07:18 [INFO] Executing tasks 17:07:18 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/log/slf4j-api-2.0.16.jar 17:07:18 [INFO] Executed tasks 17:07:18 [INFO] 17:07:18 [INFO] ---------------< org.openspcoop2:org.openspcoop2.lucene >--------------- 17:07:18 [INFO] Building dependencies.lucene 1.0 [19/69] 17:07:18 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.lucene --- 17:07:18 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/lucene (includes = [*.jar], excludes = []) 17:07:18 [INFO] 17:07:18 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.lucene --- 17:07:18 [INFO] 17:07:18 [INFO] -------------< org.openspcoop2:org.openspcoop2.openapi4j >-------------- 17:07:18 [INFO] Building dependencies.openapi4j 1.0 [20/69] 17:07:18 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.openapi4j --- 17:07:18 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/openapi4j (includes = [*.jar], excludes = []) 17:07:18 [INFO] 17:07:18 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.openapi4j --- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.openapi4j --- 17:07:18 [INFO] Executing tasks 17:07:18 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-core-1.0.7.jar 17:07:18 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-parser-1.0.7.jar 17:07:18 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-schema-validator-1.0.7.jar 17:07:18 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-operation-validator-1.0.7.jar 17:07:18 [INFO] Executed tasks 17:07:18 [INFO] 17:07:18 [INFO] --------------< org.openspcoop2:org.openspcoop2.opensaml >-------------- 17:07:18 [INFO] Building dependencies.opensaml 1.0 [21/69] 17:07:18 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.opensaml --- 17:07:18 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/opensaml (includes = [*.jar], excludes = []) 17:07:18 [INFO] 17:07:18 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.opensaml --- 17:07:18 [INFO] 17:07:18 [INFO] ----------------< org.openspcoop2:org.openspcoop2.pdf >----------------- 17:07:18 [INFO] Building dependencies.pdf 1.0 [22/69] 17:07:18 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.pdf --- 17:07:18 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/pdf (includes = [*.jar], excludes = []) 17:07:18 [INFO] 17:07:18 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.pdf --- 17:07:18 [INFO] 17:07:18 [INFO] ---------------< org.openspcoop2:org.openspcoop2.redis >---------------- 17:07:18 [INFO] Building dependencies.redis 1.0 [23/69] 17:07:18 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.redis --- 17:07:18 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/redis (includes = [*.jar], excludes = []) 17:07:18 [INFO] 17:07:18 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.redis --- 17:07:18 [INFO] 17:07:18 [INFO] --------------< org.openspcoop2:org.openspcoop2.reports >--------------- 17:07:18 [INFO] Building dependencies.reports 1.0 [24/69] 17:07:18 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.reports --- 17:07:18 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/reports (includes = [*.jar], excludes = []) 17:07:18 [INFO] 17:07:18 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.reports --- 17:07:18 [INFO] 17:07:18 [INFO] ----------------< org.openspcoop2:org.openspcoop2.saaj >---------------- 17:07:18 [INFO] Building dependencies.saaj 1.0 [25/69] 17:07:18 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.saaj --- 17:07:18 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/saaj (includes = [*.jar], excludes = []) 17:07:18 [INFO] 17:07:18 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.saaj --- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.saaj --- 17:07:18 [INFO] Executing tasks 17:07:18 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/saaj/saaj-impl-1.5.3.jar 17:07:18 [INFO] Executed tasks 17:07:18 [INFO] 17:07:18 [INFO] --------------< org.openspcoop2:org.openspcoop2.security >-------------- 17:07:18 [INFO] Building dependencies.security 1.0 [26/69] 17:07:18 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.security --- 17:07:18 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/security (includes = [*.jar], excludes = []) 17:07:18 [INFO] 17:07:18 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.security --- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.security --- 17:07:18 [INFO] Executing tasks 17:07:18 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/security/xmlsec-2.3.4.jar 17:07:18 [INFO] Executed tasks 17:07:18 [INFO] 17:07:18 [INFO] ---------------< org.openspcoop2:org.openspcoop2.shared >--------------- 17:07:18 [INFO] Building dependencies.shared 1.0 [27/69] 17:07:18 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.shared --- 17:07:18 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/shared (includes = [*.jar], excludes = []) 17:07:18 [INFO] 17:07:18 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.shared --- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.shared --- 17:07:18 [INFO] Executing tasks 17:07:18 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/commons-jcs3-core-3.1.jar 17:07:18 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/Saxon-HE-11.4.jar 17:07:18 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/snakeyaml-1.33.jar 17:07:18 [INFO] Executed tasks 17:07:18 [INFO] 17:07:18 [INFO] ---------------< org.openspcoop2:org.openspcoop2.spring >--------------- 17:07:18 [INFO] Building dependencies.spring 1.0 [28/69] 17:07:18 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:18 [INFO] 17:07:18 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.spring --- 17:07:18 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring (includes = [*.jar], excludes = []) 17:07:18 [INFO] 17:07:18 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.spring --- 17:07:19 [INFO] Executing tasks 17:07:19 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-beans-5.3.39.jar 17:07:19 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-context-5.3.39.jar 17:07:19 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-context-support-5.3.39.jar 17:07:19 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-core-5.3.39.jar 17:07:19 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-expression-5.3.39.jar 17:07:19 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-web-5.3.39.jar 17:07:19 [INFO] Executed tasks 17:07:19 [INFO] 17:07:19 [INFO] ------------< org.openspcoop2:org.openspcoop2.spring-ldap >------------- 17:07:19 [INFO] Building dependencies.spring-ldap 1.0 [29/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.spring-ldap --- 17:07:19 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-ldap (includes = [*.jar], excludes = []) 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-ldap --- 17:07:19 [INFO] 17:07:19 [INFO] ----------< org.openspcoop2:org.openspcoop2.spring-security >----------- 17:07:19 [INFO] Building dependencies.spring-security 1.0 [30/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.spring-security --- 17:07:19 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-security (includes = [*.jar], excludes = []) 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-security --- 17:07:19 [INFO] 17:07:19 [INFO] --------------< org.openspcoop2:org.openspcoop2.swagger >--------------- 17:07:19 [INFO] Building dependencies.swagger 1.0 [31/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.swagger --- 17:07:19 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/swagger (includes = [*.jar], excludes = []) 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.swagger --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.swagger --- 17:07:19 [INFO] Executing tasks 17:07:19 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-v3-2.1.6.jar 17:07:19 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-request-validator-core-2.30.0.jar 17:07:19 [INFO] Executed tasks 17:07:19 [INFO] 17:07:19 [INFO] ----------------< org.openspcoop2:org.openspcoop2.wadl >---------------- 17:07:19 [INFO] Building dependencies.wadl 1.0 [32/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.wadl --- 17:07:19 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wadl (includes = [*.jar], excludes = []) 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wadl --- 17:07:19 [INFO] 17:07:19 [INFO] ---------------< org.openspcoop2:org.openspcoop2.wss4j >---------------- 17:07:19 [INFO] Building dependencies.wss4j 1.0 [33/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.wss4j --- 17:07:19 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wss4j (includes = [*.jar], excludes = []) 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wss4j --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.wss4j --- 17:07:19 [INFO] Executing tasks 17:07:19 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-common-2.4.1.jar 17:07:19 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-dom-2.4.1.jar 17:07:19 [INFO] Executed tasks 17:07:19 [INFO] 17:07:19 [INFO] -------------< org.openspcoop2:org.openspcoop2.testsuite >-------------- 17:07:19 [INFO] Building dependencies.testsuite 1.0 [34/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.axis14 >---------- 17:07:19 [INFO] Building dependencies.testsuite.axis14 1.0 [35/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.axis14 --- 17:07:19 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/axis14 (includes = [*.jar], excludes = []) 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.axis14 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.axis14 --- 17:07:19 [INFO] Executing tasks 17:07:19 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-1.4.jar 17:07:19 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-jaxrpc-1.4.jar 17:07:19 [INFO] Executed tasks 17:07:19 [INFO] 17:07:19 [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.applicationServer >----- 17:07:19 [INFO] Building dependencies.testsuite.as 1.0 [36/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly9 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.wildfly9 1.0 [37/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 17:07:19 [INFO] org.wildfly:wildfly-client-all:jar:9.0.0.Final already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly10 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.wildfly10 1.0 [38/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 17:07:19 [INFO] org.wildfly:wildfly-client-all:jar:10.0.0.Final already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly11 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.wildfly11 1.0 [39/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly11 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly11 --- 17:07:19 [INFO] org.wildfly:wildfly-client-all:jar:11.0.0.Final already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly12 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.wildfly12 1.0 [40/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly12 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly12 --- 17:07:19 [INFO] org.wildfly:wildfly-client-all:jar:12.0.0.Final already exists in destination. 17:07:19 [INFO] javax.json:javax.json-api:jar:1.1.2 already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly13 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.wildfly13 1.0 [41/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly13 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly13 --- 17:07:19 [INFO] org.wildfly:wildfly-client-all:jar:13.0.0.Final already exists in destination. 17:07:19 [INFO] javax.json:javax.json-api:jar:1.1.2 already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly14 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.wildfly14 1.0 [42/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly14 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly14 --- 17:07:19 [INFO] org.wildfly:wildfly-client-all:jar:14.0.0.Final already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly15 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.wildfly15 1.0 [43/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly15 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly15 --- 17:07:19 [INFO] org.wildfly:wildfly-client-all:jar:15.0.0.Final already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly16 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.wildfly16 1.0 [44/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly16 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly16 --- 17:07:19 [INFO] org.wildfly:wildfly-client-all:jar:16.0.0.Final already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly17 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.wildfly17 1.0 [45/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly17 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly17 --- 17:07:19 [INFO] org.wildfly:wildfly-client-all:jar:17.0.0.Final already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly18 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.wildfly18 1.0 [46/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly18 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly18 --- 17:07:19 [INFO] org.wildfly:wildfly-client-all:jar:18.0.0.Final already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly19 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.wildfly19 1.0 [47/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly19 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly19 --- 17:07:19 [INFO] org.wildfly:wildfly-client-all:jar:19.0.0.Final already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly20 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.wildfly20 1.0 [48/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly20 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly20 --- 17:07:19 [INFO] org.wildfly:wildfly-client-all:jar:20.0.0.Final already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly21 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.wildfly21 1.0 [49/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly21 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly21 --- 17:07:19 [INFO] org.wildfly:wildfly-client-all:jar:21.0.0.Final already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly22 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.wildfly22 1.0 [50/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly22 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly22 --- 17:07:19 [INFO] org.wildfly:wildfly-client-all:jar:22.0.0.Final already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly23 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.wildfly23 1.0 [51/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly23 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly23 --- 17:07:19 [INFO] org.wildfly:wildfly-client-all:jar:23.0.0.Final already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly24 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.wildfly24 1.0 [52/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly24 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly24 --- 17:07:19 [INFO] org.wildfly:wildfly-client-all:jar:24.0.0.Final already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly25 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.wildfly25 1.0 [53/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly25 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly25 --- 17:07:19 [INFO] org.wildfly:wildfly-client-all:jar:25.0.0.Final already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly26 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.wildfly26 1.0 [54/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly26 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly26 --- 17:07:19 [INFO] org.wildfly:wildfly-client-all:jar:26.0.0.Final already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat9 >-- 17:07:19 [INFO] Building dependencies.testsuite.as.tomcat9 1.0 [55/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat9 --- 17:07:19 [INFO] 17:07:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat9 --- 17:07:19 [INFO] org.apache.tomcat:tomcat-catalina:jar:9.0.98 already exists in destination. 17:07:19 [INFO] org.apache.tomcat:tomcat-juli:jar:9.0.98 already exists in destination. 17:07:19 [INFO] 17:07:19 [INFO] -----------< org.openspcoop2:org.openspcoop2.testsuite.test >----------- 17:07:19 [INFO] Building dependencies.testsuite.test 1.0 [56/69] 17:07:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:20 [INFO] 17:07:20 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test --- 17:07:20 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite (includes = [*.jar], excludes = []) 17:07:20 [INFO] 17:07:20 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test --- 17:07:20 [INFO] 17:07:20 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.test --- 17:07:20 [INFO] Executing tasks 17:07:20 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/testsuite/apacheds-all-2.0.0.AM27.jar 17:07:20 [INFO] Executed tasks 17:07:20 [INFO] 17:07:20 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.staticAnalysis >------ 17:07:20 [INFO] Building dependencies.testsuite.staticAnalysis 1.0 [57/69] 17:07:20 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:20 [INFO] 17:07:20 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.staticAnalysis --- 17:07:20 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/staticAnalysis (includes = [*.jar], excludes = []) 17:07:20 [INFO] 17:07:20 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.staticAnalysis --- 17:07:20 [INFO] 17:07:20 [INFO] -----< org.openspcoop2:org.openspcoop2.testsuite.dynamicAnalysis >------ 17:07:20 [INFO] Building dependencies.testsuite.dynamicAnalysis 1.0 [58/69] 17:07:20 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:20 [INFO] 17:07:20 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.dynamicAnalysis --- 17:07:20 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/dynamicAnalysis (includes = [*.jar], excludes = []) 17:07:20 [INFO] 17:07:20 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.dynamicAnalysis --- 17:07:20 [INFO] 17:07:20 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.coverage >--------- 17:07:20 [INFO] Building dependencies.testsuite.coverage 1.0 [59/69] 17:07:20 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:20 [INFO] 17:07:20 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.coverage --- 17:07:20 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/coverage (includes = [*.jar], excludes = []) 17:07:20 [INFO] 17:07:20 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.coverage --- 17:07:20 [INFO] 17:07:20 [INFO] --------------< org.openspcoop2:org.openspcoop2.compile >--------------- 17:07:20 [INFO] Building compile 1.0 [60/69] 17:07:20 [INFO] --------------------------------[ pom ]--------------------------------- 17:07:20 [INFO] 17:07:20 [INFO] --- maven-antrun-plugin:3.1.0:run (default) @ org.openspcoop2.compile --- 17:07:20 [INFO] Executing tasks 17:07:20 [INFO] [copy] Copying 1 file to /var/lib/jenkins/workspace/GovWay/core 17:07:21 [INFO] [copy] Copying 1 file to /var/lib/jenkins/workspace/GovWay/protocolli/modipa 17:07:21 [INFO] [copy] Copying 1 file to /var/lib/jenkins/workspace/GovWay/protocolli/spcoop 17:07:21 [INFO] [copy] Copying 1 file to /var/lib/jenkins/workspace/GovWay/protocolli/trasparente 17:07:22 [INFO] [copy] Copying 1 file to /var/lib/jenkins/workspace/GovWay/protocolli/sdi 17:07:22 [INFO] [copy] Copying 1 file to /var/lib/jenkins/workspace/GovWay/protocolli/as4 17:07:22 [INFO] [copy] Copying 1 file to /var/lib/jenkins/workspace/GovWay/tools/web_interfaces/lib/users 17:07:22 [INFO] [copy] Copying 1 file to /var/lib/jenkins/workspace/GovWay/tools/web_interfaces/lib/mvc 17:07:22 [INFO] [copy] Copying 1 file to /var/lib/jenkins/workspace/GovWay/tools/web_interfaces/lib/audit 17:07:22 [INFO] [copy] Copying 1 file to /var/lib/jenkins/workspace/GovWay/tools/web_interfaces/lib/queue 17:07:22 [INFO] [copy] Copying 1 file to /var/lib/jenkins/workspace/GovWay/tools/web_interfaces/control_station 17:07:22 [INFO] [copy] Copying 1 file to /var/lib/jenkins/workspace/GovWay/tools/web_interfaces/monitor 17:07:23 [INFO] [copy] Copying 1 file to /var/lib/jenkins/workspace/GovWay/tools/web_interfaces/loader 17:07:23 [INFO] [copy] Copying 1 file to /var/lib/jenkins/workspace/GovWay/tools/rs/config/server 17:07:23 [INFO] [copy] Copying 1 file to /var/lib/jenkins/workspace/GovWay/tools/rs/monitor/server 17:07:27 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build 17:07:27 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/tmp 17:07:27 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist 17:07:31 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:31 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:07:31 [WARNING] [echo] **************************************** 17:07:31 [WARNING] [echo] **** DEBUG MODE ON ***** 17:07:31 [WARNING] [echo] **************************************** 17:07:31 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/utils 17:07:31 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:07:32 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils] 17:07:32 [INFO] [javac] Compiling 35 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:35 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils_RELEASE.jar 17:07:35 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:39 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:39 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:07:39 [WARNING] [echo] **************************************** 17:07:39 [WARNING] [echo] **** DEBUG MODE ON ***** 17:07:39 [WARNING] [echo] **************************************** 17:07:39 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:07:39 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/instrument] 17:07:39 [INFO] [javac] Compiling 2 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:40 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-instrument_RELEASE.jar 17:07:40 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:43 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:43 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:07:43 [WARNING] [echo] **************************************** 17:07:43 [WARNING] [echo] **** DEBUG MODE ON ***** 17:07:43 [WARNING] [echo] **************************************** 17:07:43 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:07:43 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/resources] 17:07:43 [INFO] [javac] Compiling 17 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:44 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-resources_RELEASE.jar 17:07:44 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:47 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:47 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:07:47 [WARNING] [echo] **************************************** 17:07:47 [WARNING] [echo] **** DEBUG MODE ON ***** 17:07:47 [WARNING] [echo] **************************************** 17:07:47 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:07:47 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/mime] 17:07:47 [INFO] [javac] Compiling 4 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:47 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-mime_RELEASE.jar 17:07:47 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:50 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:50 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:07:50 [WARNING] [echo] **************************************** 17:07:50 [WARNING] [echo] **** DEBUG MODE ON ***** 17:07:50 [WARNING] [echo] **************************************** 17:07:50 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:07:50 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/date] 17:07:50 [INFO] [javac] Compiling 18 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:51 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-date_RELEASE.jar 17:07:51 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:54 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:54 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:07:54 [WARNING] [echo] **************************************** 17:07:54 [WARNING] [echo] **** DEBUG MODE ON ***** 17:07:54 [WARNING] [echo] **************************************** 17:07:54 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:07:54 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/io] 17:07:54 [INFO] [javac] Compiling 27 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:55 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-io_RELEASE.jar 17:07:55 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:58 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:58 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:07:58 [WARNING] [echo] **************************************** 17:07:58 [WARNING] [echo] **** DEBUG MODE ON ***** 17:07:58 [WARNING] [echo] **************************************** 17:07:58 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:07:58 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/random] 17:07:58 [INFO] [javac] Compiling 4 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:07:58 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-random_RELEASE.jar 17:07:58 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:01 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:01 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:08:01 [WARNING] [echo] **************************************** 17:08:01 [WARNING] [echo] **** DEBUG MODE ON ***** 17:08:01 [WARNING] [echo] **************************************** 17:08:01 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:08:01 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/properties] 17:08:01 [INFO] [javac] Compiling 5 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:01 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-properties_RELEASE.jar 17:08:01 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:04 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:04 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:08:04 [WARNING] [echo] **************************************** 17:08:04 [WARNING] [echo] **** DEBUG MODE ON ***** 17:08:04 [WARNING] [echo] **************************************** 17:08:04 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:08:04 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/jaxb] 17:08:04 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:08:04 [INFO] [javac] Compiling 15 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:04 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-jaxb_RELEASE.jar 17:08:04 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:07 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:07 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:08:07 [WARNING] [echo] **************************************** 17:08:07 [WARNING] [echo] **** DEBUG MODE ON ***** 17:08:07 [WARNING] [echo] **************************************** 17:08:07 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:08:07 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/jaxrs] 17:08:07 [INFO] [javac] Compiling 9 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:07 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-jaxrs_RELEASE.jar 17:08:07 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:10 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:10 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:08:10 [WARNING] [echo] **************************************** 17:08:10 [WARNING] [echo] **** DEBUG MODE ON ***** 17:08:10 [WARNING] [echo] **************************************** 17:08:10 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:08:10 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/xml] 17:08:10 [INFO] [javac] Compiling 40 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:12 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-xml_RELEASE.jar 17:08:12 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:14 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:14 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:08:14 [WARNING] [echo] **************************************** 17:08:14 [WARNING] [echo] **** DEBUG MODE ON ***** 17:08:14 [WARNING] [echo] **************************************** 17:08:14 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:08:14 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/json] 17:08:14 [INFO] [javac] Compiling 23 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:16 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-json_RELEASE.jar 17:08:16 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:18 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:18 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:08:18 [WARNING] [echo] **************************************** 17:08:18 [WARNING] [echo] **** DEBUG MODE ON ***** 17:08:18 [WARNING] [echo] **************************************** 17:08:18 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:08:18 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/xml2json] 17:08:18 [INFO] [javac] Compiling 17 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:19 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-xml2json_RELEASE.jar 17:08:19 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:22 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:22 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:08:22 [WARNING] [echo] **************************************** 17:08:22 [WARNING] [echo] **** DEBUG MODE ON ***** 17:08:22 [WARNING] [echo] **************************************** 17:08:22 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:08:22 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/digest] 17:08:22 [INFO] [javac] Compiling 8 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:23 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-digest_RELEASE.jar 17:08:23 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:25 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:25 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:08:25 [WARNING] [echo] **************************************** 17:08:25 [WARNING] [echo] **** DEBUG MODE ON ***** 17:08:25 [WARNING] [echo] **************************************** 17:08:25 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:08:25 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/regexp] 17:08:25 [INFO] [javac] Compiling 7 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:26 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-regexp_RELEASE.jar 17:08:26 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:29 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:29 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:08:29 [WARNING] [echo] **************************************** 17:08:29 [WARNING] [echo] **** DEBUG MODE ON ***** 17:08:29 [WARNING] [echo] **************************************** 17:08:29 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:08:29 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/certificate] 17:08:29 [INFO] [javac] Compiling 45 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:30 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-certificate_RELEASE.jar 17:08:31 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:33 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:33 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:08:33 [WARNING] [echo] **************************************** 17:08:33 [WARNING] [echo] **** DEBUG MODE ON ***** 17:08:33 [WARNING] [echo] **************************************** 17:08:33 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:08:33 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/transport] 17:08:33 [INFO] [javac] Compiling 64 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:35 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-transport_RELEASE.jar 17:08:35 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:38 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:38 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:08:38 [WARNING] [echo] **************************************** 17:08:38 [WARNING] [echo] **** DEBUG MODE ON ***** 17:08:38 [WARNING] [echo] **************************************** 17:08:38 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:08:38 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/certificate/ocsp] 17:08:38 [INFO] [javac] Compiling 18 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:39 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-certificate-ocsp_RELEASE.jar 17:08:39 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:42 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:42 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:08:42 [WARNING] [echo] **************************************** 17:08:42 [WARNING] [echo] **** DEBUG MODE ON ***** 17:08:42 [WARNING] [echo] **************************************** 17:08:42 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:08:42 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/certificate/remote] 17:08:42 [INFO] [javac] Compiling 9 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:42 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-certificate-remote_RELEASE.jar 17:08:42 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:45 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:45 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:08:45 [WARNING] [echo] **************************************** 17:08:45 [WARNING] [echo] **** DEBUG MODE ON ***** 17:08:45 [WARNING] [echo] **************************************** 17:08:45 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:08:45 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/certificate/byok] 17:08:45 [INFO] [javac] Compiling 14 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:46 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-certificate-byok_RELEASE.jar 17:08:46 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:49 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:49 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:08:49 [WARNING] [echo] **************************************** 17:08:49 [WARNING] [echo] **** DEBUG MODE ON ***** 17:08:49 [WARNING] [echo] **************************************** 17:08:49 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:08:49 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/jmx] 17:08:49 [INFO] [javac] Compiling 3 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:49 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-jmx_RELEASE.jar 17:08:49 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:51 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:51 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:08:51 [WARNING] [echo] **************************************** 17:08:51 [WARNING] [echo] **** DEBUG MODE ON ***** 17:08:51 [WARNING] [echo] **************************************** 17:08:51 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:08:51 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/cache] 17:08:51 [INFO] [javac] Compiling 22 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:52 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-cache_RELEASE.jar 17:08:52 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:55 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:55 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:08:55 [WARNING] [echo] **************************************** 17:08:55 [WARNING] [echo] **** DEBUG MODE ON ***** 17:08:55 [WARNING] [echo] **************************************** 17:08:55 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:08:55 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/checksum] 17:08:55 [INFO] [javac] Compiling 3 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:55 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-checksum_RELEASE.jar 17:08:55 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:58 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:58 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:08:58 [WARNING] [echo] **************************************** 17:08:58 [WARNING] [echo] **** DEBUG MODE ON ***** 17:08:58 [WARNING] [echo] **************************************** 17:08:58 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:08:58 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/crypt] 17:08:58 [INFO] [javac] Compiling 23 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:08:59 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-crypt_RELEASE.jar 17:08:59 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:01 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:01 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:09:01 [WARNING] [echo] **************************************** 17:09:01 [WARNING] [echo] **** DEBUG MODE ON ***** 17:09:01 [WARNING] [echo] **************************************** 17:09:01 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:09:01 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/csv] 17:09:01 [INFO] [javac] Compiling 10 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:02 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-csv_RELEASE.jar 17:09:02 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:05 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:05 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:09:05 [WARNING] [echo] **************************************** 17:09:05 [WARNING] [echo] **** DEBUG MODE ON ***** 17:09:05 [WARNING] [echo] **************************************** 17:09:05 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:09:05 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/dch] 17:09:05 [INFO] [javac] Compiling 3 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:06 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-dch_RELEASE.jar 17:09:06 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:08 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:08 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:09:08 [WARNING] [echo] **************************************** 17:09:08 [WARNING] [echo] **** DEBUG MODE ON ***** 17:09:08 [WARNING] [echo] **************************************** 17:09:08 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:09:08 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/sql] 17:09:08 [INFO] [javac] Compiling 21 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:10 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-sql_RELEASE.jar 17:09:10 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:12 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:12 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:09:12 [WARNING] [echo] **************************************** 17:09:12 [WARNING] [echo] **** DEBUG MODE ON ***** 17:09:12 [WARNING] [echo] **************************************** 17:09:12 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:09:12 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/jdbc] 17:09:12 [INFO] [javac] Compiling 35 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:13 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-jdbc_RELEASE.jar 17:09:13 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:16 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:16 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:09:16 [WARNING] [echo] **************************************** 17:09:16 [WARNING] [echo] **** DEBUG MODE ON ***** 17:09:16 [WARNING] [echo] **************************************** 17:09:16 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:09:16 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/id] 17:09:16 [INFO] [javac] Compiling 45 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:17 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-id_RELEASE.jar 17:09:17 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:19 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:19 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:09:19 [WARNING] [echo] **************************************** 17:09:19 [WARNING] [echo] **** DEBUG MODE ON ***** 17:09:19 [WARNING] [echo] **************************************** 17:09:19 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:09:19 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/serialization] 17:09:19 [INFO] [javac] Compiling 26 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:20 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-serialization_RELEASE.jar 17:09:20 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:23 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:23 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:09:23 [WARNING] [echo] **************************************** 17:09:23 [WARNING] [echo] **** DEBUG MODE ON ***** 17:09:23 [WARNING] [echo] **************************************** 17:09:23 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:09:23 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/logger] 17:09:23 [INFO] [javac] Compiling 77 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:24 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-logger_RELEASE.jar 17:09:24 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:26 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:26 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:09:26 [WARNING] [echo] **************************************** 17:09:26 [WARNING] [echo] **** DEBUG MODE ON ***** 17:09:26 [WARNING] [echo] **************************************** 17:09:26 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:09:26 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/service] 17:09:26 [INFO] [javac] Compiling 110 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:28 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-service_RELEASE.jar 17:09:28 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:30 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:30 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:09:30 [WARNING] [echo] **************************************** 17:09:30 [WARNING] [echo] **** DEBUG MODE ON ***** 17:09:30 [WARNING] [echo] **************************************** 17:09:30 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:09:30 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/beans] 17:09:30 [INFO] [javac] Compiling 5 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:31 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-beans_RELEASE.jar 17:09:31 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:33 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:33 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:09:33 [WARNING] [echo] **************************************** 17:09:33 [WARNING] [echo] **** DEBUG MODE ON ***** 17:09:33 [WARNING] [echo] **************************************** 17:09:33 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:09:33 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/security] 17:09:33 [INFO] [javac] Compiling 40 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:35 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-security_RELEASE.jar 17:09:35 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:37 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:37 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:09:37 [WARNING] [echo] **************************************** 17:09:37 [WARNING] [echo] **** DEBUG MODE ON ***** 17:09:37 [WARNING] [echo] **************************************** 17:09:37 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:09:37 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/pdf] 17:09:37 [INFO] [javac] Compiling 11 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:38 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-pdf_RELEASE.jar 17:09:38 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:40 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:40 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:09:40 [WARNING] [echo] **************************************** 17:09:40 [WARNING] [echo] **** DEBUG MODE ON ***** 17:09:40 [WARNING] [echo] **************************************** 17:09:40 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:09:40 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/wsdl] 17:09:40 [INFO] [javac] Compiling 3 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:41 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-wsdl_RELEASE.jar 17:09:41 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:43 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:43 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:09:43 [WARNING] [echo] **************************************** 17:09:43 [WARNING] [echo] **** DEBUG MODE ON ***** 17:09:43 [WARNING] [echo] **************************************** 17:09:43 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:09:43 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/rest] 17:09:43 [INFO] [javac] Compiling 54 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:44 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-rest_RELEASE.jar 17:09:44 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:47 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:47 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:09:47 [WARNING] [echo] **************************************** 17:09:47 [WARNING] [echo] **** DEBUG MODE ON ***** 17:09:47 [WARNING] [echo] **************************************** 17:09:47 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:09:47 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/wadl] 17:09:47 [INFO] [javac] Compiling 14 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:47 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-wadl_RELEASE.jar 17:09:47 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:50 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:50 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:09:50 [WARNING] [echo] **************************************** 17:09:50 [WARNING] [echo] **** DEBUG MODE ON ***** 17:09:50 [WARNING] [echo] **************************************** 17:09:50 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:09:50 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/openapi] 17:09:50 [INFO] [javac] Compiling 27 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:51 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-openapi_RELEASE.jar 17:09:51 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:54 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:54 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:09:54 [WARNING] [echo] **************************************** 17:09:54 [WARNING] [echo] **** DEBUG MODE ON ***** 17:09:54 [WARNING] [echo] **************************************** 17:09:54 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:09:54 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/xacml] 17:09:54 [INFO] [javac] Compiling 8 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:55 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-xacml_RELEASE.jar 17:09:55 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:58 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:58 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:09:58 [WARNING] [echo] **************************************** 17:09:58 [WARNING] [echo] **** DEBUG MODE ON ***** 17:09:58 [WARNING] [echo] **************************************** 17:09:58 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:09:58 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/mail] 17:09:58 [INFO] [javac] Compiling 10 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:09:59 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-mail_RELEASE.jar 17:09:59 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:02 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:02 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:10:02 [WARNING] [echo] **************************************** 17:10:02 [WARNING] [echo] **** DEBUG MODE ON ***** 17:10:02 [WARNING] [echo] **************************************** 17:10:02 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:10:02 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/datasource] 17:10:02 [INFO] [javac] Compiling 7 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:03 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-datasource_RELEASE.jar 17:10:03 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:06 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:06 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:10:06 [WARNING] [echo] **************************************** 17:10:06 [WARNING] [echo] **** DEBUG MODE ON ***** 17:10:06 [WARNING] [echo] **************************************** 17:10:06 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:10:06 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/sonde] 17:10:06 [INFO] [javac] Compiling 8 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:07 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-sonde_RELEASE.jar 17:10:07 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:09 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:09 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:10:09 [WARNING] [echo] **************************************** 17:10:09 [WARNING] [echo] **** DEBUG MODE ON ***** 17:10:09 [WARNING] [echo] **************************************** 17:10:09 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:10:09 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/semaphore] 17:10:09 [INFO] [javac] Compiling 10 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:10 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-semaphore_RELEASE.jar 17:10:10 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:12 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:12 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:10:12 [WARNING] [echo] **************************************** 17:10:12 [WARNING] [echo] **** DEBUG MODE ON ***** 17:10:12 [WARNING] [echo] **************************************** 17:10:12 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:10:12 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/threads] 17:10:12 [INFO] [javac] Compiling 8 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:13 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils/openspcoop2_utils-threads_RELEASE.jar 17:10:13 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:16 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:10:16 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:10:16 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:10:16 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_utils_RELEASE.jar 17:10:22 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:22 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:10:22 [WARNING] [echo] **************************************** 17:10:22 [WARNING] [echo] **** DEBUG MODE ON ***** 17:10:22 [WARNING] [echo] **************************************** 17:10:22 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/utils-test 17:10:22 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:10:22 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/utils/src/org/openspcoop2/utils/test] 17:10:22 [INFO] [javac] Compiling 64 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:23 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/utils-test/openspcoop2_utils-test_RELEASE.jar 17:10:23 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:25 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:10:25 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:10:25 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:10:25 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_utils-test_RELEASE.jar 17:10:31 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:31 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:10:31 [WARNING] [echo] **************************************** 17:10:31 [WARNING] [echo] **** DEBUG MODE ON ***** 17:10:31 [WARNING] [echo] **************************************** 17:10:31 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:10:32 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/tools/generic_project/src/] 17:10:32 [INFO] [javac] Compiling 211 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:33 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_generic-project_RELEASE.jar 17:10:33 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:41 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:41 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:10:41 [WARNING] [echo] **************************************** 17:10:41 [WARNING] [echo] **** DEBUG MODE ON ***** 17:10:41 [WARNING] [echo] **************************************** 17:10:41 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/schemi 17:10:41 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:10:42 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/schemi/openspcoop2_schemi-xsd-openspcoop2_RELEASE.jar 17:10:45 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:45 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:45 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:10:45 [WARNING] [echo] **************************************** 17:10:45 [WARNING] [echo] **** DEBUG MODE ON ***** 17:10:45 [WARNING] [echo] **************************************** 17:10:45 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:10:45 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/schemi/openspcoop2_schemi-xsd-standard_RELEASE.jar 17:10:47 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:10:47 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:10:47 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:10:47 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_schemi-xsd_RELEASE.jar 17:10:50 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:50 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:50 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:10:50 [WARNING] [echo] **************************************** 17:10:50 [WARNING] [echo] **** DEBUG MODE ON ***** 17:10:50 [WARNING] [echo] **************************************** 17:10:50 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/message 17:10:50 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:10:51 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/message/context] 17:10:51 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:10:51 [INFO] [javac] Compiling 42 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:52 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/message/openspcoop2_message-context_RELEASE.jar 17:10:52 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:54 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:54 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:10:54 [WARNING] [echo] **************************************** 17:10:54 [WARNING] [echo] **** DEBUG MODE ON ***** 17:10:54 [WARNING] [echo] **************************************** 17:10:54 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:10:54 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/message] 17:10:54 [INFO] [javac] Compiling 110 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:56 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/message/openspcoop2_message_RELEASE.jar 17:10:56 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:10:58 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:10:58 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:10:58 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:10:59 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_message_RELEASE.jar 17:11:04 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:04 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:11:04 [WARNING] [echo] **************************************** 17:11:04 [WARNING] [echo] **** DEBUG MODE ON ***** 17:11:04 [WARNING] [echo] **************************************** 17:11:04 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/core 17:11:04 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:11:04 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core] 17:11:04 [INFO] [javac] Compiling 12 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:05 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core_RELEASE.jar 17:11:05 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:07 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:07 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:11:07 [WARNING] [echo] **************************************** 17:11:07 [WARNING] [echo] **** DEBUG MODE ON ***** 17:11:07 [WARNING] [echo] **************************************** 17:11:07 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:11:07 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/id] 17:11:07 [INFO] [javac] Compiling 20 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:08 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-id_RELEASE.jar 17:11:08 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:10 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:10 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:11:10 [WARNING] [echo] **************************************** 17:11:10 [WARNING] [echo] **** DEBUG MODE ON ***** 17:11:10 [WARNING] [echo] **************************************** 17:11:10 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:11:10 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/commons] 17:11:10 [INFO] [javac] Compiling 20 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:11 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-commons_RELEASE.jar 17:11:11 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:14 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:14 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:11:14 [WARNING] [echo] **************************************** 17:11:14 [WARNING] [echo] **** DEBUG MODE ON ***** 17:11:14 [WARNING] [echo] **************************************** 17:11:14 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:11:14 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/byok] 17:11:14 [INFO] [javac] Compiling 4 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:14 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-byok_RELEASE.jar 17:11:14 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:17 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:17 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:11:17 [WARNING] [echo] **************************************** 17:11:17 [WARNING] [echo] **** DEBUG MODE ON ***** 17:11:17 [WARNING] [echo] **************************************** 17:11:17 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:11:17 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/config] 17:11:17 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:11:17 [INFO] [javac] Compiling 346 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:23 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:11:23 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-config_RELEASE.jar 17:11:23 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:25 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:25 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:11:25 [WARNING] [echo] **************************************** 17:11:25 [WARNING] [echo] **** DEBUG MODE ON ***** 17:11:25 [WARNING] [echo] **************************************** 17:11:25 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:11:25 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/registry] 17:11:25 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:11:25 [INFO] [javac] Compiling 139 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:27 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:11:27 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-registry_RELEASE.jar 17:11:27 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:29 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:29 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:11:29 [WARNING] [echo] **************************************** 17:11:29 [WARNING] [echo] **** DEBUG MODE ON ***** 17:11:29 [WARNING] [echo] **************************************** 17:11:29 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:11:29 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/tracciamento] 17:11:29 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:11:29 [INFO] [javac] Compiling 81 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:30 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:11:30 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-tracciamento_RELEASE.jar 17:11:30 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:33 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:33 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:11:33 [WARNING] [echo] **************************************** 17:11:33 [WARNING] [echo] **** DEBUG MODE ON ***** 17:11:33 [WARNING] [echo] **************************************** 17:11:33 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:11:33 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/diagnostica] 17:11:33 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:11:33 [INFO] [javac] Compiling 28 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:33 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-diagnostica_RELEASE.jar 17:11:33 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:36 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:36 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:11:36 [WARNING] [echo] **************************************** 17:11:36 [WARNING] [echo] **** DEBUG MODE ON ***** 17:11:36 [WARNING] [echo] **************************************** 17:11:36 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:11:36 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/transazioni] 17:11:36 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:11:36 [INFO] [javac] Compiling 142 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:39 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:11:39 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-transazioni_RELEASE.jar 17:11:39 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:42 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:42 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:11:42 [WARNING] [echo] **************************************** 17:11:42 [WARNING] [echo] **** DEBUG MODE ON ***** 17:11:42 [WARNING] [echo] **************************************** 17:11:42 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:11:42 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/eventi] 17:11:42 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:11:42 [INFO] [javac] Compiling 36 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:42 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:11:42 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-eventi_RELEASE.jar 17:11:42 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:45 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:45 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:11:45 [WARNING] [echo] **************************************** 17:11:45 [WARNING] [echo] **** DEBUG MODE ON ***** 17:11:45 [WARNING] [echo] **************************************** 17:11:45 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:11:45 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/statistiche] 17:11:45 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:11:45 [INFO] [javac] Compiling 91 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:47 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:11:47 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-statistiche_RELEASE.jar 17:11:47 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:49 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:49 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:11:49 [WARNING] [echo] **************************************** 17:11:49 [WARNING] [echo] **** DEBUG MODE ON ***** 17:11:49 [WARNING] [echo] **************************************** 17:11:49 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:11:49 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/plugins] 17:11:49 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:11:49 [INFO] [javac] Compiling 93 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:51 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:11:51 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-plugins_RELEASE.jar 17:11:51 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:53 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:53 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:11:53 [WARNING] [echo] **************************************** 17:11:53 [WARNING] [echo] **** DEBUG MODE ON ***** 17:11:53 [WARNING] [echo] **************************************** 17:11:53 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:11:53 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/controllo_traffico] 17:11:53 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:11:53 [INFO] [javac] Compiling 128 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:55 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:11:55 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-controllo_traffico_RELEASE.jar 17:11:55 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:57 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:57 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:11:57 [WARNING] [echo] **************************************** 17:11:57 [WARNING] [echo] **** DEBUG MODE ON ***** 17:11:57 [WARNING] [echo] **************************************** 17:11:57 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:11:57 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/allarmi] 17:11:57 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:11:57 [INFO] [javac] Compiling 76 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:11:58 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:11:58 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-allarmi_RELEASE.jar 17:11:59 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:01 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:01 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:12:01 [WARNING] [echo] **************************************** 17:12:01 [WARNING] [echo] **** DEBUG MODE ON ***** 17:12:01 [WARNING] [echo] **************************************** 17:12:01 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:12:01 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/mapping] 17:12:01 [INFO] [javac] Compiling 10 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:02 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-mapping_RELEASE.jar 17:12:02 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:04 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:04 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:12:04 [WARNING] [echo] **************************************** 17:12:04 [WARNING] [echo] **** DEBUG MODE ON ***** 17:12:04 [WARNING] [echo] **************************************** 17:12:04 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:12:04 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/eccezione/details] 17:12:04 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:12:04 [INFO] [javac] Compiling 34 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:05 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:12:05 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-eccezione-details_RELEASE.jar 17:12:05 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:07 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:07 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:12:07 [WARNING] [echo] **************************************** 17:12:07 [WARNING] [echo] **** DEBUG MODE ON ***** 17:12:07 [WARNING] [echo] **************************************** 17:12:07 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:12:07 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/eccezione/router_details] 17:12:07 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:12:07 [INFO] [javac] Compiling 25 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:08 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-eccezione-router_details_RELEASE.jar 17:12:08 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:11 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:11 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:12:11 [WARNING] [echo] **************************************** 17:12:11 [WARNING] [echo] **** DEBUG MODE ON ***** 17:12:11 [WARNING] [echo] **************************************** 17:12:11 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:12:11 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/eccezione/errore_applicativo] 17:12:11 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:12:11 [INFO] [javac] Compiling 38 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:11 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:12:11 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-eccezione-errore_applicativo_RELEASE.jar 17:12:11 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:14 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:14 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:12:14 [WARNING] [echo] **************************************** 17:12:14 [WARNING] [echo] **** DEBUG MODE ON ***** 17:12:14 [WARNING] [echo] **************************************** 17:12:14 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:12:14 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/integrazione] 17:12:14 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:12:14 [INFO] [javac] Compiling 19 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:15 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-integrazione_RELEASE.jar 17:12:15 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:17 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:17 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:12:17 [WARNING] [echo] **************************************** 17:12:17 [WARNING] [echo] **** DEBUG MODE ON ***** 17:12:17 [WARNING] [echo] **************************************** 17:12:17 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:12:17 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/config/driver] 17:12:17 [INFO] [javac] Compiling 18 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:18 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-config-driver_RELEASE.jar 17:12:18 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:20 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:20 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:12:20 [WARNING] [echo] **************************************** 17:12:20 [WARNING] [echo] **** DEBUG MODE ON ***** 17:12:20 [WARNING] [echo] **************************************** 17:12:20 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:12:20 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/config/driver/db] 17:12:20 [INFO] [javac] Compiling 38 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:22 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-config-driver-db_RELEASE.jar 17:12:22 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:25 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:25 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:12:25 [WARNING] [echo] **************************************** 17:12:25 [WARNING] [echo] **** DEBUG MODE ON ***** 17:12:25 [WARNING] [echo] **************************************** 17:12:25 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:12:25 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/config/driver/xml] 17:12:25 [INFO] [javac] Compiling 1 source file to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:26 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-config-driver-xml_RELEASE.jar 17:12:26 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:29 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:29 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:12:29 [WARNING] [echo] **************************************** 17:12:29 [WARNING] [echo] **** DEBUG MODE ON ***** 17:12:29 [WARNING] [echo] **************************************** 17:12:29 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:12:29 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/config/driver/utils] 17:12:29 [INFO] [javac] Compiling 3 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:29 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-config-driver-utils_RELEASE.jar 17:12:29 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:32 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:32 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:12:32 [WARNING] [echo] **************************************** 17:12:32 [WARNING] [echo] **** DEBUG MODE ON ***** 17:12:32 [WARNING] [echo] **************************************** 17:12:32 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:12:32 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/registry/driver] 17:12:32 [INFO] [javac] Compiling 83 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:34 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-registry-driver_RELEASE.jar 17:12:35 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:37 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:37 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:12:37 [WARNING] [echo] **************************************** 17:12:37 [WARNING] [echo] **** DEBUG MODE ON ***** 17:12:37 [WARNING] [echo] **************************************** 17:12:37 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:12:37 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/registry/wsdl] 17:12:37 [INFO] [javac] Compiling 15 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:38 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-registry-wsdl_RELEASE.jar 17:12:38 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:41 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:41 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:12:41 [WARNING] [echo] **************************************** 17:12:41 [WARNING] [echo] **** DEBUG MODE ON ***** 17:12:41 [WARNING] [echo] **************************************** 17:12:41 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:12:41 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/registry/rest] 17:12:41 [INFO] [javac] Compiling 3 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:42 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-registry-rest_RELEASE.jar 17:12:42 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:44 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:44 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:12:44 [WARNING] [echo] **************************************** 17:12:44 [WARNING] [echo] **** DEBUG MODE ON ***** 17:12:44 [WARNING] [echo] **************************************** 17:12:44 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:12:44 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/registry/driver/db] 17:12:44 [INFO] [javac] Compiling 36 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:46 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-registry-driver-db_RELEASE.jar 17:12:46 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:48 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:48 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:12:48 [WARNING] [echo] **************************************** 17:12:48 [WARNING] [echo] **** DEBUG MODE ON ***** 17:12:48 [WARNING] [echo] **************************************** 17:12:48 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:12:48 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/registry/driver/xml] 17:12:48 [INFO] [javac] Compiling 1 source file to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:49 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-registry-driver-xml_RELEASE.jar 17:12:49 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:51 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:51 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:12:51 [WARNING] [echo] **************************************** 17:12:51 [WARNING] [echo] **** DEBUG MODE ON ***** 17:12:51 [WARNING] [echo] **************************************** 17:12:51 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:12:51 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/registry/driver/web] 17:12:51 [INFO] [javac] Compiling 3 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:52 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-registry-driver-web_RELEASE.jar 17:12:52 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:54 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:54 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:12:54 [WARNING] [echo] **************************************** 17:12:54 [WARNING] [echo] **** DEBUG MODE ON ***** 17:12:54 [WARNING] [echo] **************************************** 17:12:54 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:12:54 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/registry/driver/uddi] 17:12:54 [INFO] [javac] Compiling 3 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:55 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-registry-driver-uddi_RELEASE.jar 17:12:55 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:57 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:57 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:12:57 [WARNING] [echo] **************************************** 17:12:57 [WARNING] [echo] **** DEBUG MODE ON ***** 17:12:57 [WARNING] [echo] **************************************** 17:12:57 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:12:57 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/registry/driver/ws] 17:12:57 [INFO] [javac] Compiling 1 source file to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:12:58 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-registry-driver-ws_RELEASE.jar 17:12:58 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:00 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:00 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:13:00 [WARNING] [echo] **************************************** 17:13:00 [WARNING] [echo] **** DEBUG MODE ON ***** 17:13:00 [WARNING] [echo] **************************************** 17:13:00 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:13:00 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/registry/driver/utils] 17:13:00 [INFO] [javac] Compiling 5 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:00 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-registry-driver-utils_RELEASE.jar 17:13:00 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:03 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:03 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:13:03 [WARNING] [echo] **************************************** 17:13:03 [WARNING] [echo] **** DEBUG MODE ON ***** 17:13:03 [WARNING] [echo] **************************************** 17:13:03 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:13:03 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/commons/search] 17:13:03 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:13:03 [INFO] [javac] Compiling 184 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:06 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:13:06 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-commons-search_RELEASE.jar 17:13:06 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:10 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:10 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:13:10 [WARNING] [echo] **************************************** 17:13:10 [WARNING] [echo] **** DEBUG MODE ON ***** 17:13:10 [WARNING] [echo] **************************************** 17:13:10 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:13:10 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/commons/dao] 17:13:10 [INFO] [javac] Compiling 4 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:10 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-commons-dao_RELEASE.jar 17:13:10 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:13 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:13 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:13:13 [WARNING] [echo] **************************************** 17:13:13 [WARNING] [echo] **** DEBUG MODE ON ***** 17:13:13 [WARNING] [echo] **************************************** 17:13:13 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:13:13 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/core/mvc/properties] 17:13:13 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:13:13 [INFO] [javac] Compiling 59 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:14 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:13:14 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/core/openspcoop2_core-mvc_properties_RELEASE.jar 17:13:14 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:17 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:13:17 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:13:17 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:13:17 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_core_RELEASE.jar 17:13:24 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:24 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:13:24 [WARNING] [echo] **************************************** 17:13:24 [WARNING] [echo] **** DEBUG MODE ON ***** 17:13:24 [WARNING] [echo] **************************************** 17:13:24 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/protocol-api 17:13:24 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:13:24 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/protocol/manifest] 17:13:24 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:13:24 [INFO] [javac] Compiling 131 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:26 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:13:26 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/protocol-api/openspcoop2_protocol-manifest_RELEASE.jar 17:13:26 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:28 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:28 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:13:28 [WARNING] [echo] **************************************** 17:13:28 [WARNING] [echo] **** DEBUG MODE ON ***** 17:13:28 [WARNING] [echo] **************************************** 17:13:28 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:13:28 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/protocol/information_missing] 17:13:28 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:13:28 [INFO] [javac] Compiling 83 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:29 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:13:29 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/protocol-api/openspcoop2_protocol-information_missing_RELEASE.jar 17:13:29 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:32 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:32 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:13:32 [WARNING] [echo] **************************************** 17:13:32 [WARNING] [echo] **** DEBUG MODE ON ***** 17:13:32 [WARNING] [echo] **************************************** 17:13:32 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:13:32 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/protocol/sdk] 17:13:32 [INFO] [javac] Compiling 219 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:34 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/protocol-api/openspcoop2_protocol-sdk_RELEASE.jar 17:13:34 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:36 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:36 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:13:36 [WARNING] [echo] **************************************** 17:13:36 [WARNING] [echo] **** DEBUG MODE ON ***** 17:13:36 [WARNING] [echo] **************************************** 17:13:36 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:13:36 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/protocol/utils] 17:13:36 [INFO] [javac] Compiling 19 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:38 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/protocol-api/openspcoop2_protocol-utils_RELEASE.jar 17:13:38 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:41 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:41 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:13:41 [WARNING] [echo] **************************************** 17:13:41 [WARNING] [echo] **** DEBUG MODE ON ***** 17:13:41 [WARNING] [echo] **************************************** 17:13:41 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:13:41 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/protocol/registry] 17:13:41 [INFO] [javac] Compiling 9 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:42 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/protocol-api/openspcoop2_protocol-registry_RELEASE.jar 17:13:42 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:45 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:45 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:13:45 [WARNING] [echo] **************************************** 17:13:45 [WARNING] [echo] **** DEBUG MODE ON ***** 17:13:45 [WARNING] [echo] **************************************** 17:13:45 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:13:45 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/protocol/abstraction] 17:13:45 [WARNING] [javac] anomalous package-info.java path: package-info.java 17:13:45 [INFO] [javac] Compiling 64 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:45 [INFO] [javac] Creating empty /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2/constants/package-info.class 17:13:45 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/protocol-api/openspcoop2_protocol-abstraction_RELEASE.jar 17:13:45 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:48 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:48 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:13:48 [WARNING] [echo] **************************************** 17:13:48 [WARNING] [echo] **** DEBUG MODE ON ***** 17:13:48 [WARNING] [echo] **************************************** 17:13:48 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:13:48 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/protocol/basic] 17:13:48 [INFO] [javac] Compiling 63 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:50 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/protocol-api/openspcoop2_protocol-basic_RELEASE.jar 17:13:50 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:53 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:13:53 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:13:53 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:13:53 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_protocol-api_RELEASE.jar 17:13:58 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:58 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:13:58 [WARNING] [echo] **************************************** 17:13:58 [WARNING] [echo] **** DEBUG MODE ON ***** 17:13:58 [WARNING] [echo] **************************************** 17:13:58 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/monitor-api 17:13:58 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:13:58 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/monitor/sdk] 17:13:58 [INFO] [javac] Compiling 69 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:13:59 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/monitor-api/openspcoop2_monitor-sdk_RELEASE.jar 17:13:59 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:01 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:14:01 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:14:01 [WARNING] [echo] GIT Repo:[/var/lib/jenkins/workspace/GovWay] 17:14:01 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/openspcoop2_monitor-api_RELEASE.jar 17:14:07 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:07 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:14:07 [WARNING] [echo] **************************************** 17:14:07 [WARNING] [echo] **** DEBUG MODE ON ***** 17:14:07 [WARNING] [echo] **************************************** 17:14:07 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/dist/security 17:14:07 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:14:08 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security] 17:14:08 [INFO] [javac] Compiling 49 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:09 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/security/openspcoop2_security-core_RELEASE.jar 17:14:09 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:11 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:11 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:14:11 [WARNING] [echo] **************************************** 17:14:11 [WARNING] [echo] **** DEBUG MODE ON ***** 17:14:11 [WARNING] [echo] **************************************** 17:14:11 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:14:11 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message] 17:14:11 [INFO] [javac] Compiling 52 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:12 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/security/openspcoop2_security-message_RELEASE.jar 17:14:12 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:15 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:15 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:14:15 [WARNING] [echo] **************************************** 17:14:15 [WARNING] [echo] **** DEBUG MODE ON ***** 17:14:15 [WARNING] [echo] **************************************** 17:14:15 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:14:15 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/engine] 17:14:15 [INFO] [javac] Compiling 9 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:15 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/security/openspcoop2_security-message-engine_RELEASE.jar 17:14:15 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:18 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:18 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:14:18 [WARNING] [echo] **************************************** 17:14:18 [WARNING] [echo] **** DEBUG MODE ON ***** 17:14:18 [WARNING] [echo] **************************************** 17:14:18 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:14:18 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/jose] 17:14:18 [INFO] [javac] Compiling 14 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:19 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/security/openspcoop2_security-message-jose_RELEASE.jar 17:14:19 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:21 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:21 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:14:21 [WARNING] [echo] **************************************** 17:14:21 [WARNING] [echo] **** DEBUG MODE ON ***** 17:14:21 [WARNING] [echo] **************************************** 17:14:21 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:14:21 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/xml] 17:14:21 [INFO] [javac] Compiling 12 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:22 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/security/openspcoop2_security-message-xml_RELEASE.jar 17:14:22 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:25 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:25 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:14:25 [WARNING] [echo] **************************************** 17:14:25 [WARNING] [echo] **** DEBUG MODE ON ***** 17:14:25 [WARNING] [echo] **************************************** 17:14:25 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:14:25 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/wss4j] 17:14:25 [INFO] [javac] Compiling 14 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:26 [INFO] [jar] Building jar: /var/lib/jenkins/workspace/GovWay/dist/security/openspcoop2_security-message-wss4j_RELEASE.jar 17:14:26 [INFO] [delete] Deleting directory /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:29 [INFO] [mkdir] Created dir: /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:29 [WARNING] [echo] Java home: /opt/openjdk-11.0.12_7/ 17:14:29 [WARNING] [echo] **************************************** 17:14:29 [WARNING] [echo] **** DEBUG MODE ON ***** 17:14:29 [WARNING] [echo] **************************************** 17:14:29 [WARNING] [echo] Raccolta informazioni git per inserimento in manifest... 17:14:29 [WARNING] [echo] compileSRC[/var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox] 17:14:29 [INFO] [javac] Compiling 17 source files to /var/lib/jenkins/workspace/GovWay/build/compile-jar-openspcoop2 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:67: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.CryptoSupport; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:68: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.CryptoUtil; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:69: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.EncryptionRequest; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:70: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.InvalidMessageDataException; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:71: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.InvalidOptionException; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:72: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.MessageSecurityContext; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:73: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.Processor; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:74: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SBConstants; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:75: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SecurityFailureException; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:88: error: package com.sun.xml.wss.core does not exist 17:14:30 import com.sun.xml.wss.core.EncryptedDataHeaderBlock; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:89: error: package com.sun.xml.wss.swa does not exist 17:14:30 import com.sun.xml.wss.swa.MimeConstants; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:102: error: cannot find symbol 17:14:30 public class EncryptPartialMessageProcessor implements Processor { 17:14:30 ^ 17:14:30 symbol: class Processor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:140: error: package org.adroitlogic.soapbox does not exist 17:14:30 public void process(org.adroitlogic.soapbox.SecurityConfig secConfig, MessageSecurityContext msgSecCtx) { 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:140: error: cannot find symbol 17:14:30 public void process(org.adroitlogic.soapbox.SecurityConfig secConfig, MessageSecurityContext msgSecCtx) { 17:14:30 ^ 17:14:30 symbol: class MessageSecurityContext 17:14:30 location: class EncryptPartialMessageProcessor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:254: error: cannot find symbol 17:14:30 private Element createEncryptedKey(Document doc, EncryptionRequest encReq, 17:14:30 ^ 17:14:30 symbol: class EncryptionRequest 17:14:30 location: class EncryptPartialMessageProcessor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:255: error: package org.adroitlogic.soapbox does not exist 17:14:30 String cipherValue, org.adroitlogic.soapbox.SecurityConfig secConfig, MessageSecurityContext msgSecCtx, String referenceId) { 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:255: error: cannot find symbol 17:14:30 String cipherValue, org.adroitlogic.soapbox.SecurityConfig secConfig, MessageSecurityContext msgSecCtx, String referenceId) { 17:14:30 ^ 17:14:30 symbol: class MessageSecurityContext 17:14:30 location: class EncryptPartialMessageProcessor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:292: error: cannot find symbol 17:14:30 private void processElements(MessageSecurityContext msgSecCtx, 17:14:30 ^ 17:14:30 symbol: class MessageSecurityContext 17:14:30 location: class EncryptPartialMessageProcessor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/EncryptPartialMessageProcessor.java:380: error: cannot find symbol 17:14:30 private void processAttachments(MessageSecurityContext msgSecCtx) throws Exception { 17:14:30 ^ 17:14:30 symbol: class MessageSecurityContext 17:14:30 location: class EncryptPartialMessageProcessor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/MessageSecurityContext_soapbox.java:25: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.CryptoSupport; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/MessageSecurityReceiver_soapbox.java:39: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.MessageSecurityContext; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/MessageSecurityReceiver_soapbox.java:40: error: package org.adroitlogic.ultraesb.core does not exist 17:14:30 import org.adroitlogic.ultraesb.core.MessageImpl; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/MessageSecuritySender_soapbox.java:35: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.MessageSecurityContext; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/MessageSecuritySender_soapbox.java:36: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SecurityRequest; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/MessageSecuritySender_soapbox.java:37: error: package org.adroitlogic.ultraesb.core does not exist 17:14:30 import org.adroitlogic.ultraesb.core.MessageImpl; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/MessageSecuritySender_soapbox.java:520: error: cannot find symbol 17:14:30 private void updateSecurityContextForSignature(MessageSecurityContext msgSecCtx, Map<String, Object> outProps, String aliasSignatureUser) throws Exception { 17:14:30 ^ 17:14:30 symbol: class MessageSecurityContext 17:14:30 location: class MessageSecuritySender_soapbox 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/MessageSecuritySender_soapbox.java:574: error: cannot find symbol 17:14:30 private void updateSecurityContextForEncryption(MessageSecurityContext msgSecCtx, Map<String, Object> outProps, String aliasEncryptUser) throws Exception { 17:14:30 ^ 17:14:30 symbol: class MessageSecurityContext 17:14:30 location: class MessageSecuritySender_soapbox 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessPartialEncryptedMessage.java:59: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.CryptoSupport; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessPartialEncryptedMessage.java:60: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.CryptoUtil; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessPartialEncryptedMessage.java:61: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.EncryptionRequest; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessPartialEncryptedMessage.java:62: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.InvalidMessageDataException; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessPartialEncryptedMessage.java:63: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.MessageSecurityContext; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessPartialEncryptedMessage.java:64: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.Processor; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessPartialEncryptedMessage.java:65: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SBConstants; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessPartialEncryptedMessage.java:66: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SecurityFailureException; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessPartialEncryptedMessage.java:81: error: package com.sun.xml.wss does not exist 17:14:30 import com.sun.xml.wss.XWSSecurityException; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessPartialEncryptedMessage.java:82: error: package com.sun.xml.wss.core does not exist 17:14:30 import com.sun.xml.wss.core.EncryptedDataHeaderBlock; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessPartialEncryptedMessage.java:83: error: package com.sun.xml.wss.swa does not exist 17:14:30 import com.sun.xml.wss.swa.MimeConstants; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessPartialEncryptedMessage.java:97: error: cannot find symbol 17:14:30 public class ProcessPartialEncryptedMessage implements Processor { 17:14:30 ^ 17:14:30 symbol: class Processor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessPartialEncryptedMessage.java:121: error: package org.adroitlogic.soapbox does not exist 17:14:30 public void process(org.adroitlogic.soapbox.SecurityConfig secConfig, MessageSecurityContext msgSecCtx) { 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessPartialEncryptedMessage.java:121: error: cannot find symbol 17:14:30 public void process(org.adroitlogic.soapbox.SecurityConfig secConfig, MessageSecurityContext msgSecCtx) { 17:14:30 ^ 17:14:30 symbol: class MessageSecurityContext 17:14:30 location: class ProcessPartialEncryptedMessage 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessPartialEncryptedMessage.java:213: error: cannot find symbol 17:14:30 public void decryptDataReference(MessageSecurityContext msgSecCtx, String wsuId, byte[] decryptedeEphemeralKey) { 17:14:30 ^ 17:14:30 symbol: class MessageSecurityContext 17:14:30 location: class ProcessPartialEncryptedMessage 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessPartialEncryptedMessage.java:277: error: cannot find symbol 17:14:30 public static AttachmentPart decryptAttachment(AttachmentPart part, EncryptedDataHeaderBlock edhb, 17:14:30 ^ 17:14:30 symbol: class EncryptedDataHeaderBlock 17:14:30 location: class ProcessPartialEncryptedMessage 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessPartialEncryptedMessage.java:278: error: cannot find symbol 17:14:30 SecretKey key, String type) throws XWSSecurityException, IOException, SOAPException, MessagingException, Base64DecodingException { 17:14:30 ^ 17:14:30 symbol: class XWSSecurityException 17:14:30 location: class ProcessPartialEncryptedMessage 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessSignedMessage.java:42: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.CryptoUtil; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessSignedMessage.java:43: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.MessageSecurityContext; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessSignedMessage.java:44: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.Processor; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessSignedMessage.java:45: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SBConstants; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessSignedMessage.java:46: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SecurityFailureException; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessSignedMessage.java:65: error: cannot find symbol 17:14:30 public class ProcessSignedMessage implements Processor { 17:14:30 ^ 17:14:30 symbol: class Processor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessSignedMessage.java:88: error: package org.adroitlogic.soapbox does not exist 17:14:30 public void process(org.adroitlogic.soapbox.SecurityConfig secConfig, MessageSecurityContext msgSecCtx) { 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessSignedMessage.java:88: error: cannot find symbol 17:14:30 public void process(org.adroitlogic.soapbox.SecurityConfig secConfig, MessageSecurityContext msgSecCtx) { 17:14:30 ^ 17:14:30 symbol: class MessageSecurityContext 17:14:30 location: class ProcessSignedMessage 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessTimestampedMessage.java:47: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.CryptoUtil; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessTimestampedMessage.java:48: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.InvalidMessageDataException; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessTimestampedMessage.java:49: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.MessageSecurityContext; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessTimestampedMessage.java:50: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.Processor; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessTimestampedMessage.java:51: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SBConstants; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessTimestampedMessage.java:52: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SecurityConfig; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessTimestampedMessage.java:53: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SecurityFailureException; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessTimestampedMessage.java:73: error: cannot find symbol 17:14:30 public class ProcessTimestampedMessage implements Processor { 17:14:30 ^ 17:14:30 symbol: class Processor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessTimestampedMessage.java:86: error: cannot find symbol 17:14:30 public void process(SecurityConfig secConfig, MessageSecurityContext msgSecCtx) { 17:14:30 ^ 17:14:30 symbol: class SecurityConfig 17:14:30 location: class ProcessTimestampedMessage 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/ProcessTimestampedMessage.java:86: error: cannot find symbol 17:14:30 public void process(SecurityConfig secConfig, MessageSecurityContext msgSecCtx) { 17:14:30 ^ 17:14:30 symbol: class MessageSecurityContext 17:14:30 location: class ProcessTimestampedMessage 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SignPartialMessageProcessor.java:48: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.CryptoUtil; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SignPartialMessageProcessor.java:49: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.InvalidMessageDataException; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SignPartialMessageProcessor.java:50: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.MessageSecurityContext; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SignPartialMessageProcessor.java:51: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.Processor; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SignPartialMessageProcessor.java:52: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SBConstants; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SignPartialMessageProcessor.java:53: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SecurityConfig; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SignPartialMessageProcessor.java:54: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SecurityFailureException; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SignPartialMessageProcessor.java:55: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SignatureRequest; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SignPartialMessageProcessor.java:80: error: cannot find symbol 17:14:30 public class SignPartialMessageProcessor implements Processor { 17:14:30 ^ 17:14:30 symbol: class Processor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SignPartialMessageProcessor.java:116: error: cannot find symbol 17:14:30 public void process(SecurityConfig secConfig, MessageSecurityContext msgSecCtx) { 17:14:30 ^ 17:14:30 symbol: class SecurityConfig 17:14:30 location: class SignPartialMessageProcessor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SignPartialMessageProcessor.java:116: error: cannot find symbol 17:14:30 public void process(SecurityConfig secConfig, MessageSecurityContext msgSecCtx) { 17:14:30 ^ 17:14:30 symbol: class MessageSecurityContext 17:14:30 location: class SignPartialMessageProcessor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SignPartialMessageProcessor.java:279: error: cannot find symbol 17:14:30 protected void addKeyInfo(Element signatureElem,Document doc,SignatureRequest signReq,MessageSecurityContext msgSecCtx, 17:14:30 ^ 17:14:30 symbol: class SignatureRequest 17:14:30 location: class SignPartialMessageProcessor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SignPartialMessageProcessor.java:279: error: cannot find symbol 17:14:30 protected void addKeyInfo(Element signatureElem,Document doc,SignatureRequest signReq,MessageSecurityContext msgSecCtx, 17:14:30 ^ 17:14:30 symbol: class MessageSecurityContext 17:14:30 location: class SignPartialMessageProcessor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SignPartialMessageProcessor.java:280: error: cannot find symbol 17:14:30 SecurityConfig secConfig,Element wsseSecurityElem){ 17:14:30 ^ 17:14:30 symbol: class SecurityConfig 17:14:30 location: class SignPartialMessageProcessor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SignPartialMessageProcessor.java:368: error: cannot find symbol 17:14:30 List<AttachmentPart> part, SignatureRequest signReq, 17:14:30 ^ 17:14:30 symbol: class SignatureRequest 17:14:30 location: class SignPartialMessageProcessor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SignPartialMessageProcessor.java:506: error: cannot find symbol 17:14:30 private void signElements(List<Element> signList,List<Boolean> signTypeList, SignatureRequest signReq, 17:14:30 ^ 17:14:30 symbol: class SignatureRequest 17:14:30 location: class SignPartialMessageProcessor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SoapBoxSecurityConfig.java:77: error: package org.adroitlogic.soapbox does not exist 17:14:30 public class SoapBoxSecurityConfig extends org.adroitlogic.soapbox.SecurityConfig { 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SymmetricCryptoUtils.java:23: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.MessageSecurityContext; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SymmetricCryptoUtils.java:24: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SBConstants; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SymmetricCryptoUtils.java:25: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SecurityConfig; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SymmetricCryptoUtils.java:26: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SecurityRequest; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SymmetricCryptoUtils.java:40: error: cannot find symbol 17:14:30 Document doc, SecurityRequest secReq, MessageSecurityContext msgSecCtx, SecurityConfig secConfig) { 17:14:30 ^ 17:14:30 symbol: class SecurityRequest 17:14:30 location: class SymmetricCryptoUtils 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SymmetricCryptoUtils.java:40: error: cannot find symbol 17:14:30 Document doc, SecurityRequest secReq, MessageSecurityContext msgSecCtx, SecurityConfig secConfig) { 17:14:30 ^ 17:14:30 symbol: class MessageSecurityContext 17:14:30 location: class SymmetricCryptoUtils 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/SymmetricCryptoUtils.java:40: error: cannot find symbol 17:14:30 Document doc, SecurityRequest secReq, MessageSecurityContext msgSecCtx, SecurityConfig secConfig) { 17:14:30 ^ 17:14:30 symbol: class SecurityConfig 17:14:30 location: class SymmetricCryptoUtils 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/TimestampMessageProcessor.java:45: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.CryptoUtil; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/TimestampMessageProcessor.java:46: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.InvalidMessageDataException; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/TimestampMessageProcessor.java:47: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.MessageSecurityContext; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/TimestampMessageProcessor.java:48: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.Processor; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/TimestampMessageProcessor.java:49: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SBConstants; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/TimestampMessageProcessor.java:50: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SecurityConfig; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/TimestampMessageProcessor.java:69: error: cannot find symbol 17:14:30 public class TimestampMessageProcessor implements Processor { 17:14:30 ^ 17:14:30 symbol: class Processor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/TimestampMessageProcessor.java:77: error: cannot find symbol 17:14:30 public void process(SecurityConfig secConfig, MessageSecurityContext msgSecCtx) { 17:14:30 ^ 17:14:30 symbol: class SecurityConfig 17:14:30 location: class TimestampMessageProcessor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/TimestampMessageProcessor.java:77: error: cannot find symbol 17:14:30 public void process(SecurityConfig secConfig, MessageSecurityContext msgSecCtx) { 17:14:30 ^ 17:14:30 symbol: class MessageSecurityContext 17:14:30 location: class TimestampMessageProcessor 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/WSSUtils.java:30: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.CryptoUtil; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/WSSUtils.java:31: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.MessageSecurityContext; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/WSSUtils.java:32: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SBConstants; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/WSSUtils.java:33: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SecurityConfig; 17:14:30 ^ 17:14:30 /var/lib/jenkins/workspace/GovWay/core/src/org/openspcoop2/security/message/soapbox/WSSUtils.java:34: error: package org.adroitlogic.soapbox does not exist 17:14:30 import org.adroitlogic.soapbox.SecurityRequest; 17:14:30 ^ 17:14:30 100 errors 17:14:30 [INFO] ------------------------------------------------------------------------ 17:14:30 [INFO] Reactor Summary for govway 1.0: 17:14:30 [INFO] 17:14:30 [INFO] govway ............................................. SUCCESS [ 0.003 s] 17:14:30 [INFO] dependencies ....................................... SUCCESS [ 0.001 s] 17:14:30 [INFO] dependencies.ant ................................... SUCCESS [ 1.440 s] 17:14:30 [INFO] dependencies.antinstaller .......................... SUCCESS [ 0.033 s] 17:14:30 [INFO] dependencies.axiom ................................. SUCCESS [ 0.526 s] 17:14:30 [INFO] dependencies.bean-validation ....................... SUCCESS [ 0.083 s] 17:14:30 [INFO] dependencies.cxf ................................... SUCCESS [ 0.487 s] 17:14:30 [INFO] dependencies.commons ............................... SUCCESS [ 0.116 s] 17:14:30 [INFO] dependencies.faces ................................. SUCCESS [ 0.049 s] 17:14:30 [INFO] dependencies.git ................................... SUCCESS [ 0.022 s] 17:14:30 [INFO] dependencies.httpcore .............................. SUCCESS [ 0.199 s] 17:14:30 [INFO] dependencies.jackson ............................... SUCCESS [ 0.052 s] 17:14:30 [INFO] dependencies.javax ................................. SUCCESS [ 0.041 s] 17:14:30 [INFO] dependencies.jax ................................... SUCCESS [ 0.162 s] 17:14:30 [INFO] dependencies.jetty ................................. SUCCESS [ 0.041 s] 17:14:30 [INFO] dependencies.jminix ................................ SUCCESS [ 0.060 s] 17:14:30 [INFO] dependencies.json .................................. SUCCESS [ 0.081 s] 17:14:30 [INFO] dependencies.log ................................... SUCCESS [ 0.117 s] 17:14:30 [INFO] dependencies.lucene ................................ SUCCESS [ 0.018 s] 17:14:30 [INFO] dependencies.openapi4j ............................. SUCCESS [ 0.055 s] 17:14:30 [INFO] dependencies.opensaml .............................. SUCCESS [ 0.064 s] 17:14:30 [INFO] dependencies.pdf ................................... SUCCESS [ 0.029 s] 17:14:30 [INFO] dependencies.redis ................................. SUCCESS [ 0.067 s] 17:14:30 [INFO] dependencies.reports ............................... SUCCESS [ 0.033 s] 17:14:30 [INFO] dependencies.saaj .................................. SUCCESS [ 0.056 s] 17:14:30 [INFO] dependencies.security .............................. SUCCESS [ 0.065 s] 17:14:30 [INFO] dependencies.shared ................................ SUCCESS [ 0.177 s] 17:14:30 [INFO] dependencies.spring ................................ SUCCESS [ 0.106 s] 17:14:30 [INFO] dependencies.spring-ldap ........................... SUCCESS [ 0.014 s] 17:14:30 [INFO] dependencies.spring-security ....................... SUCCESS [ 0.013 s] 17:14:30 [INFO] dependencies.swagger ............................... SUCCESS [ 0.100 s] 17:14:30 [INFO] dependencies.wadl .................................. SUCCESS [ 0.010 s] 17:14:30 [INFO] dependencies.wss4j ................................. SUCCESS [ 0.090 s] 17:14:30 [INFO] dependencies.testsuite ............................. SUCCESS [ 0.001 s] 17:14:30 [INFO] dependencies.testsuite.axis14 ...................... SUCCESS [ 0.074 s] 17:14:30 [INFO] dependencies.testsuite.as .......................... SUCCESS [ 0.001 s] 17:14:30 [INFO] dependencies.testsuite.as.wildfly9 ................. SUCCESS [ 0.030 s] 17:14:30 [INFO] dependencies.testsuite.as.wildfly10 ................ SUCCESS [ 0.035 s] 17:14:30 [INFO] dependencies.testsuite.as.wildfly11 ................ SUCCESS [ 0.029 s] 17:14:30 [INFO] dependencies.testsuite.as.wildfly12 ................ SUCCESS [ 0.035 s] 17:14:30 [INFO] dependencies.testsuite.as.wildfly13 ................ SUCCESS [ 0.032 s] 17:14:30 [INFO] dependencies.testsuite.as.wildfly14 ................ SUCCESS [ 0.026 s] 17:14:30 [INFO] dependencies.testsuite.as.wildfly15 ................ SUCCESS [ 0.026 s] 17:14:30 [INFO] dependencies.testsuite.as.wildfly16 ................ SUCCESS [ 0.027 s] 17:14:30 [INFO] dependencies.testsuite.as.wildfly17 ................ SUCCESS [ 0.031 s] 17:14:30 [INFO] dependencies.testsuite.as.wildfly18 ................ SUCCESS [ 0.029 s] 17:14:30 [INFO] dependencies.testsuite.as.wildfly19 ................ SUCCESS [ 0.030 s] 17:14:30 [INFO] dependencies.testsuite.as.wildfly20 ................ SUCCESS [ 0.029 s] 17:14:30 [INFO] dependencies.testsuite.as.wildfly21 ................ SUCCESS [ 0.030 s] 17:14:30 [INFO] dependencies.testsuite.as.wildfly22 ................ SUCCESS [ 0.099 s] 17:14:30 [INFO] dependencies.testsuite.as.wildfly23 ................ SUCCESS [ 0.026 s] 17:14:30 [INFO] dependencies.testsuite.as.wildfly24 ................ SUCCESS [ 0.031 s] 17:14:30 [INFO] dependencies.testsuite.as.wildfly25 ................ SUCCESS [ 0.030 s] 17:14:30 [INFO] dependencies.testsuite.as.wildfly26 ................ SUCCESS [ 0.030 s] 17:14:30 [INFO] dependencies.testsuite.as.tomcat9 .................. SUCCESS [ 0.008 s] 17:14:30 [INFO] dependencies.testsuite.test ........................ SUCCESS [ 0.107 s] 17:14:30 [INFO] dependencies.testsuite.staticAnalysis .............. SUCCESS [ 0.011 s] 17:14:30 [INFO] dependencies.testsuite.dynamicAnalysis ............. SUCCESS [ 0.006 s] 17:14:30 [INFO] dependencies.testsuite.coverage .................... SUCCESS [ 0.018 s] 17:14:30 [INFO] compile ............................................ FAILURE [07:10 min] 17:14:30 [INFO] package ............................................ SKIPPED 17:14:30 [INFO] testsuite.utils .................................... SKIPPED 17:14:30 [INFO] testsuite.utils.sql ................................ SKIPPED 17:14:30 [INFO] testsuite.pdd.core ................................. SKIPPED 17:14:30 [INFO] testsuite.pdd.core.sql ............................. SKIPPED 17:14:30 [INFO] static_analysis.spotbugs ........................... SKIPPED 17:14:30 [INFO] static_analysis.sonarqube .......................... SKIPPED 17:14:30 [INFO] dynamic_analysis.zap ............................... SKIPPED 17:14:30 [INFO] coverage.jacoco .................................... SKIPPED 17:14:30 [INFO] ------------------------------------------------------------------------ 17:14:30 [INFO] BUILD FAILURE 17:14:30 [INFO] ------------------------------------------------------------------------ 17:14:30 [INFO] Total time: 07:16 min 17:14:30 [INFO] Finished at: 2025-01-08T17:14:30+01:00 17:14:30 [INFO] ------------------------------------------------------------------------ 17:14:30 [ERROR] Failed to execute goal org.apache.maven.plugins:maven-antrun-plugin:3.1.0:run (default) on project org.openspcoop2.compile: An Ant BuildException has occured: The following error occurred while executing this line: 17:14:30 [ERROR] /var/lib/jenkins/workspace/GovWay/build.xml:358: The following error occurred while executing this line: 17:14:30 [ERROR] /var/lib/jenkins/workspace/GovWay/core/ant/openspcoop2-security-build.xml:131: The following error occurred while executing this line: 17:14:30 [ERROR] /var/lib/jenkins/workspace/GovWay/ant/commons/compile-build.xml:149: Compile failed; see the compiler error output for details. 17:14:30 [ERROR] around Ant part ...<ant useNativeBasedir="true" antfile="../../build.xml">... @ 9:60 in /var/lib/jenkins/workspace/GovWay/mvn/compile/target/antrun/build-main.xml 17:14:30 [ERROR] -> [Help 1] 17:14:30 [ERROR] 17:14:30 [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. 17:14:30 [ERROR] Re-run Maven using the -X switch to enable full debug logging. 17:14:30 [ERROR] 17:14:30 [ERROR] For more information about the errors and possible solutions, please read the following articles: 17:14:30 [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException 17:14:30 [ERROR] 17:14:30 [ERROR] After correcting the problems, you can resume the build with the command 17:14:30 [ERROR] mvn <args> -rf :org.openspcoop2.compile 17:14:30 Build step 'Conditional steps (multiple)' marked build as failure 17:14:30 INFO: Processing JUnit 17:14:30 ERROR: Step ‘Publish xUnit test result report’ failed: [JUnit] - No test report file(s) were found with the pattern 'tools/rs/*/server/testsuite/risultati-testsuite/TEST-*.xml' relative to '/var/lib/jenkins/workspace/GovWay' for the testing framework 'JUnit'. 17:14:30 Did you enter a pattern relative to (and within) the workspace directory? 17:14:30 Did you generate the result report(s) for 'JUnit'?" 17:14:30 TestNG Reports Processing: START 17:14:30 Looking for TestNG results report in workspace using pattern: **/testng-results.xml 17:14:30 Did not find any matching files. 17:14:30 Collecting Dependency-Check artifact 17:14:30 Parsing file /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.xml 17:14:30 [SpotBugsZed Attack Proxy (ZAP)] Skipping execution of recorder since overall result is 'FAILURE' 17:14:30 Started calculate disk usage of build 17:14:30 Finished Calculation of disk usage of build in 0 seconds 17:14:31 Started calculate disk usage of workspace 17:14:31 Finished Calculation of disk usage of workspace in 0 seconds 17:14:31 Finished: FAILURE