17:26:51 Started by GitHub push by andreapoli 17:26:51 Started by GitHub push by andreapoli 17:26:51 Running as SYSTEM 17:26:51 Building in workspace /var/lib/jenkins/workspace/GovWay 17:26:51 [WS-CLEANUP] Clean-up disabled, skipping workspace deletion. 17:26:51 The recommended git tool is: NONE 17:26:51 No credentials specified 17:26:51 > /usr/bin/git rev-parse --resolve-git-dir /var/lib/jenkins/workspace/GovWay/.git # timeout=10 17:26:51 Fetching changes from the remote Git repository 17:26:51 > /usr/bin/git config remote.origin.url https://github.com/link-it/govway.git # timeout=10 17:26:51 Fetching upstream changes from https://github.com/link-it/govway.git 17:26:51 > /usr/bin/git --version # timeout=10 17:26:51 > git --version # 'git version 2.23.1' 17:26:51 > /usr/bin/git fetch --tags --force --progress -- https://github.com/link-it/govway.git +refs/heads/*:refs/remotes/origin/* # timeout=10 17:26:53 > /usr/bin/git rev-parse origin/master^{commit} # timeout=10 17:26:53 Checking out Revision 8cc8a8f86a45632cccd359c0b754cf88a7c62557 (origin/master) 17:26:53 > /usr/bin/git config core.sparsecheckout # timeout=10 17:26:53 > /usr/bin/git checkout -f 8cc8a8f86a45632cccd359c0b754cf88a7c62557 # timeout=10 17:26:53 Commit message: "[TestSuite] Rivista testsuite DPoP per adeguare tempistiche rispetto all'ambiente CI Jenkins" 17:26:53 > /usr/bin/git rev-list --no-walk d722383cb4f8147aa36d4a585d4b8a43b2413d1a # timeout=10 17:26:53 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:26:53 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:26:53 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:26:53 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:26:53 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:26:53 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:26:53 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:26:53 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:26:53 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:26:53 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:26:53 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:26:53 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:26:53 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:26:53 Run condition [Boolean condition] enabling prebuild for step [BuilderChain] 17:26:53 [GovWay] $ /bin/bash /tmp/jenkins1126013337432607803.sh 17:26:53 ============================= 17:26:53 General Info 17:26:53 Workspace: /var/lib/jenkins/workspace/GovWay 17:26:53 Build: true 17:26:53 Deploy: true 17:26:53 Test: true 17:26:53 Test Integrazione: true 17:26:53 ============================= 17:26:53 17:26:53 ============================= 17:26:53 Environment Info 17:26:53 HOME: /var/lib/jenkins 17:26:53 ANT_OPTS: -Xmx1024m -XX:MaxMetaspaceSize=700m -XX:+UseG1GC 17:26:53 MAVEN_OPTS: 17:26:53 SOFTHSM2_CONF: /home/ec2-user/lib/softhsm/softhsm2.conf 17:26:53 SONAR_SCANNER_OPTS: 17:26:53 ============================= 17:26:53 17:26:53 ============================= 17:26:53 Java 17:26:53 openjdk version "11.0.12" 2021-07-20 17:26:53 OpenJDK Runtime Environment 18.9 (build 11.0.12+7) 17:26:53 OpenJDK 64-Bit Server VM 18.9 (build 11.0.12+7, mixed mode) 17:26:53 ============================= 17:26:53 17:26:53 ============================= 17:26:53 Git Info 17:26:53 Url: https://github.com/link-it/govway.git 17:26:53 branch: origin/master 17:26:53 commit: 8cc8a8f86a45632cccd359c0b754cf88a7c62557 17:26:53 previuos commit: d722383cb4f8147aa36d4a585d4b8a43b2413d1a 17:26:53 previuos successful commit: d722383cb4f8147aa36d4a585d4b8a43b2413d1a 17:26:53 commit message: [TestSuite] 17:26:53 Rivista testsuite DPoP per adeguare tempistiche rispetto all'ambiente CI Jenkins 17:26:53 ============================= 17:26:53 17:26:53 ============================= 17:26:53 NODEjs Info 17:26:53 v22.14.0 17:26:54 { 17:26:54 npm: '10.9.2', 17:26:54 node: '22.14.0', 17:26:54 acorn: '8.14.0', 17:26:54 ada: '2.9.2', 17:26:54 amaro: '0.3.0', 17:26:54 ares: '1.34.4', 17:26:54 brotli: '1.1.0', 17:26:54 cjs_module_lexer: '1.4.1', 17:26:54 cldr: '46.0', 17:26:54 icu: '76.1', 17:26:54 llhttp: '9.2.1', 17:26:54 modules: '127', 17:26:54 napi: '10', 17:26:54 nbytes: '0.1.1', 17:26:54 ncrypto: '0.0.1', 17:26:54 nghttp2: '1.64.0', 17:26:54 nghttp3: '1.6.0', 17:26:54 ngtcp2: '1.10.0', 17:26:54 openssl: '3.0.15+quic', 17:26:54 simdjson: '3.10.1', 17:26:54 simdutf: '6.0.3', 17:26:54 sqlite: '3.47.2', 17:26:54 tz: '2024b', 17:26:54 undici: '6.21.1', 17:26:54 unicode: '16.0', 17:26:54 uv: '1.49.2', 17:26:54 uvwasi: '0.0.21', 17:26:54 v8: '12.4.254.21-node.22', 17:26:54 zlib: '1.3.0.1-motley-82a5fec' 17:26:54 } 17:26:54 ============================= 17:26:54 17:26:54 ============================= 17:26:54 OWASP ZAP Info 'ZAP_2.17.0' 17:26:54 Associo diritti di esecuzione agli script zap ... 17:26:54 Associati diritti di esecuzione agli script zap 17:26:54 Update ... 17:26:54 Execute: /opt/openjdk-17.0.14+7/bin/java -classpath /opt/zaproxy/ZAP_2.17.0/*:/opt/zaproxy/ZAP_2.17.0/lib/* org.zaproxy.zap.ZAP -cmd -addonupdate -port 8280 -host 127.0.0.1 17:26:54 Defaulting ZAP install dir to /opt/zaproxy/ZAP_2.17.0 17:27:08 Add-on update check complete 17:27:15 Update effettuato 17:27:15 ============================= 17:27:15 17:27:15 17:27:15 17:27:15 Fermo application server ... 17:27:15 Tomcat is not running 17:27:15 Fermo application server effettuato 17:27:15 Ripulisco log application server ... 17:27:15 Ripulisco log application server effettuato 17:27:15 Predispongo dir testsuite ... 17:27:15 Predispongo dir testsuite ok 17:27:15 Ripulisco output jacoco ... 17:27:15 Ripulisco output jacoco effettuato 17:27:15 Fermo sonarqube ... 17:27:15 17:27:15 Gracefully stopping SonarQube... 17:27:16 Stopped SonarQube. 17:27:16 Fermo sonarqube effettuato 17:27:16 Verifico che il workspace non esista ... 17:27:16 Non e' stata rilevata una corretta re-inizializzazione del Workspace 17:27:16 [Boolean condition] checking [true] against [^(1|y|yes|t|true|on|run)$] (origin token: ${GOVWAY_BUILD}) 17:27:16 Run condition [Boolean condition] enabling perform for step [BuilderChain] 17:27:16 [GovWay] $ /bin/sh -xe /tmp/jenkins14624946053605680423.sh 17:27:16 + perl -pi -e s/log4bash.appender=ColorConsoleAppender/log4bash.appender=ConsoleAppender/g /var/lib/jenkins/workspace/GovWay/distrib/log4bash.properties 17:27:16 + sed -i -e 's#<module>swagger-codegen</module>#<!-- <module>swagger-codegen</module> -->#g' /var/lib/jenkins/workspace/GovWay/mvn/dependencies/pom.xml 17:27:16 + sed -i -e s#UPDATE_DOC=true#UPDATE_DOC=false#g /var/lib/jenkins/workspace/GovWay/distrib/distrib.sh 17:27:16 + sed -i -e s#DB_VERSION=postgresql,mysql,oracle,hsql,sqlserver,db2#DB_VERSION=postgresql,mysql,oracle,hsql,sqlserver#g /var/lib/jenkins/workspace/GovWay/ant/setup/prepare-build.properties 17:27:16 + sed -i -e 's#<dependencies.soapbox>false</dependencies.soapbox>#<dependencies.soapbox>true</dependencies.soapbox>#g' /var/lib/jenkins/workspace/GovWay/pom.xml 17:27:16 [GovWay] $ /opt/apache-maven-3.6.3/bin/mvn -Ddependencies.soapbox=true initialize 17:27:18 [INFO] Scanning for projects... 17:27:19 [INFO] ------------------------------------------------------------------------ 17:27:19 [INFO] Reactor Build Order: 17:27:19 [INFO] 17:27:19 [INFO] govway [pom] 17:27:19 [INFO] dependencies [pom] 17:27:19 [INFO] dependencies.ant [pom] 17:27:19 [INFO] dependencies.antinstaller [pom] 17:27:19 [INFO] dependencies.axiom [pom] 17:27:19 [INFO] dependencies.bean-validation [pom] 17:27:19 [INFO] dependencies.cxf [pom] 17:27:19 [INFO] dependencies.commons [pom] 17:27:19 [INFO] dependencies.faces [pom] 17:27:19 [INFO] dependencies.git [pom] 17:27:19 [INFO] dependencies.httpcore [pom] 17:27:19 [INFO] dependencies.jackson [pom] 17:27:19 [INFO] dependencies.javax [pom] 17:27:19 [INFO] dependencies.jax [pom] 17:27:19 [INFO] dependencies.jetty [pom] 17:27:19 [INFO] dependencies.jminix [pom] 17:27:19 [INFO] dependencies.json [pom] 17:27:19 [INFO] dependencies.log [pom] 17:27:19 [INFO] dependencies.lucene [pom] 17:27:19 [INFO] dependencies.openapi4j [pom] 17:27:19 [INFO] dependencies.opensaml [pom] 17:27:19 [INFO] dependencies.pdf [pom] 17:27:19 [INFO] dependencies.redis [pom] 17:27:19 [INFO] dependencies.reports [pom] 17:27:19 [INFO] dependencies.saaj [pom] 17:27:19 [INFO] dependencies.security [pom] 17:27:19 [INFO] dependencies.shared [pom] 17:27:19 [INFO] dependencies.spring [pom] 17:27:19 [INFO] dependencies.spring-ldap [pom] 17:27:19 [INFO] dependencies.spring-security [pom] 17:27:19 [INFO] dependencies.swagger [pom] 17:27:19 [INFO] dependencies.wadl [pom] 17:27:19 [INFO] dependencies.wss4j [pom] 17:27:19 [INFO] dependencies.testsuite [pom] 17:27:19 [INFO] dependencies.testsuite.axis14 [pom] 17:27:19 [INFO] dependencies.testsuite.as [pom] 17:27:19 [INFO] dependencies.testsuite.as.wildfly9 [pom] 17:27:19 [INFO] dependencies.testsuite.as.wildfly10 [pom] 17:27:19 [INFO] dependencies.testsuite.as.wildfly11 [pom] 17:27:19 [INFO] dependencies.testsuite.as.wildfly12 [pom] 17:27:19 [INFO] dependencies.testsuite.as.wildfly13 [pom] 17:27:19 [INFO] dependencies.testsuite.as.wildfly14 [pom] 17:27:19 [INFO] dependencies.testsuite.as.wildfly15 [pom] 17:27:19 [INFO] dependencies.testsuite.as.wildfly16 [pom] 17:27:19 [INFO] dependencies.testsuite.as.wildfly17 [pom] 17:27:19 [INFO] dependencies.testsuite.as.wildfly18 [pom] 17:27:19 [INFO] dependencies.testsuite.as.wildfly19 [pom] 17:27:19 [INFO] dependencies.testsuite.as.wildfly20 [pom] 17:27:19 [INFO] dependencies.testsuite.as.wildfly21 [pom] 17:27:19 [INFO] dependencies.testsuite.as.wildfly22 [pom] 17:27:19 [INFO] dependencies.testsuite.as.wildfly23 [pom] 17:27:19 [INFO] dependencies.testsuite.as.wildfly24 [pom] 17:27:19 [INFO] dependencies.testsuite.as.wildfly25 [pom] 17:27:19 [INFO] dependencies.testsuite.as.wildfly26 [pom] 17:27:19 [INFO] dependencies.testsuite.as.tomcat9 [pom] 17:27:19 [INFO] dependencies.testsuite.test [pom] 17:27:19 [INFO] dependencies.testsuite.staticAnalysis [pom] 17:27:19 [INFO] dependencies.testsuite.dynamicAnalysis [pom] 17:27:19 [INFO] dependencies.testsuite.coverage [pom] 17:27:19 [INFO] dependencies.soapbox [pom] 17:27:19 [INFO] compile [pom] 17:27:19 [INFO] package [pom] 17:27:19 [INFO] testsuite.utils [pom] 17:27:19 [INFO] testsuite.utils.sql [pom] 17:27:19 [INFO] testsuite.pdd.core [pom] 17:27:19 [INFO] testsuite.pdd.core.sql [pom] 17:27:19 [INFO] static_analysis.spotbugs [pom] 17:27:19 [INFO] static_analysis.sonarqube [pom] 17:27:19 [INFO] dynamic_analysis.zap [pom] 17:27:19 [INFO] coverage.jacoco [pom] 17:27:19 [INFO] 17:27:19 [INFO] ------------------< org.openspcoop2:org.openspcoop2 >------------------- 17:27:19 [INFO] Building govway 1.0 [1/70] 17:27:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:19 [INFO] 17:27:19 [INFO] ------------< org.openspcoop2:org.openspcoop2.dependencies >------------ 17:27:19 [INFO] Building dependencies 1.0 [2/70] 17:27:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:19 [INFO] 17:27:19 [INFO] ----------------< org.openspcoop2:org.openspcoop2.ant >----------------- 17:27:19 [INFO] Building dependencies.ant 1.0 [3/70] 17:27:19 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:19 [INFO] 17:27:19 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.ant --- 17:27:19 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/ant (includes = [*.jar], excludes = []) 17:27:19 [INFO] 17:27:19 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.ant --- 17:27:20 [INFO] 17:27:20 [INFO] ------------< org.openspcoop2:org.openspcoop2.antinstaller >------------ 17:27:20 [INFO] Building dependencies.antinstaller 1.0 [4/70] 17:27:20 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:21 [INFO] 17:27:21 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.antinstaller --- 17:27:21 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/antinstaller (includes = [*.jar], excludes = []) 17:27:21 [INFO] 17:27:21 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.antinstaller --- 17:27:21 [INFO] 17:27:21 [INFO] ---------------< org.openspcoop2:org.openspcoop2.axiom >---------------- 17:27:21 [INFO] Building dependencies.axiom 1.0 [5/70] 17:27:21 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:21 [INFO] 17:27:21 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.axiom --- 17:27:21 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/axiom (includes = [*.jar], excludes = []) 17:27:21 [INFO] 17:27:21 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.axiom --- 17:27:21 [INFO] 17:27:21 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.axiom --- 17:27:21 [INFO] Executing tasks 17:27:21 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-api-1.2.13.jar 17:27:21 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-dom-1.2.13.jar 17:27:21 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-impl-1.2.13.jar 17:27:21 [INFO] Executed tasks 17:27:21 [INFO] 17:27:21 [INFO] ----------< org.openspcoop2:org.openspcoop2.bean-validation >----------- 17:27:21 [INFO] Building dependencies.bean-validation 1.0 [6/70] 17:27:21 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:21 [INFO] 17:27:21 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.bean-validation --- 17:27:21 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/bean-validation (includes = [*.jar], excludes = []) 17:27:21 [INFO] 17:27:21 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.bean-validation --- 17:27:21 [INFO] 17:27:21 [INFO] ----------------< org.openspcoop2:org.openspcoop2.cxf >----------------- 17:27:21 [INFO] Building dependencies.cxf 1.0 [7/70] 17:27:21 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:22 [INFO] 17:27:22 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.cxf --- 17:27:22 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/cxf (includes = [*.jar], excludes = []) 17:27:22 [INFO] 17:27:22 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.cxf --- 17:27:22 [INFO] 17:27:22 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.cxf --- 17:27:22 [INFO] Executing tasks 17:27:22 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-core-3.6.8.jar 17:27:22 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-3.6.8.jar 17:27:22 [INFO] Executed tasks 17:27:22 [INFO] 17:27:22 [INFO] --------------< org.openspcoop2:org.openspcoop2.commons >--------------- 17:27:22 [INFO] Building dependencies.commons 1.0 [8/70] 17:27:22 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:22 [INFO] 17:27:22 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.commons --- 17:27:22 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/commons (includes = [*.jar], excludes = []) 17:27:22 [INFO] 17:27:22 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.commons --- 17:27:22 [INFO] 17:27:22 [INFO] ---------------< org.openspcoop2:org.openspcoop2.faces >---------------- 17:27:22 [INFO] Building dependencies.faces 1.0 [9/70] 17:27:22 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:22 [INFO] 17:27:22 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.faces --- 17:27:22 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/faces (includes = [*.jar], excludes = []) 17:27:22 [INFO] 17:27:22 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.faces --- 17:27:22 [INFO] 17:27:22 [INFO] ----------------< org.openspcoop2:org.openspcoop2.git >----------------- 17:27:22 [INFO] Building dependencies.git 1.0 [10/70] 17:27:22 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:22 [INFO] 17:27:22 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.git --- 17:27:22 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/git (includes = [*.jar], excludes = []) 17:27:22 [INFO] 17:27:22 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.git --- 17:27:22 [INFO] 17:27:22 [INFO] --------------< org.openspcoop2:org.openspcoop2.httpcore >-------------- 17:27:22 [INFO] Building dependencies.httpcore 1.0 [11/70] 17:27:22 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:22 [INFO] 17:27:22 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.httpcore --- 17:27:22 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/httpcore (includes = [*.jar], excludes = []) 17:27:22 [INFO] 17:27:22 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.httpcore --- 17:27:23 [INFO] 17:27:23 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.httpcore --- 17:27:23 [INFO] Executing tasks 17:27:23 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpcore-ab-4.4.15.jar 17:27:23 [INFO] Executed tasks 17:27:23 [INFO] 17:27:23 [INFO] --------------< org.openspcoop2:org.openspcoop2.jackson >--------------- 17:27:23 [INFO] Building dependencies.jackson 1.0 [12/70] 17:27:23 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:23 [INFO] 17:27:23 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jackson --- 17:27:23 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jackson (includes = [*.jar], excludes = []) 17:27:23 [INFO] 17:27:23 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jackson --- 17:27:23 [INFO] 17:27:23 [INFO] ---------------< org.openspcoop2:org.openspcoop2.javax >---------------- 17:27:23 [INFO] Building dependencies.javax 1.0 [13/70] 17:27:23 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:23 [INFO] 17:27:23 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.javax --- 17:27:23 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/javax (includes = [*.jar], excludes = []) 17:27:23 [INFO] 17:27:23 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.javax --- 17:27:23 [INFO] 17:27:23 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jax >----------------- 17:27:23 [INFO] Building dependencies.jax 1.0 [14/70] 17:27:23 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:23 [INFO] 17:27:23 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jax --- 17:27:23 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jax (includes = [*.jar], excludes = []) 17:27:23 [INFO] 17:27:23 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jax --- 17:27:23 [INFO] 17:27:23 [INFO] --- copy-rename-maven-plugin:1.0:rename (rename-file) @ org.openspcoop2.jax --- 17:27:23 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/jax/jsr181-api-1.0-MR1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxws-jsr181-api-2.3.1.jar 17:27:23 [INFO] 17:27:23 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.jax --- 17:27:23 [INFO] Executing tasks 17:27:23 [INFO] Executed tasks 17:27:23 [INFO] 17:27:23 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jetty >---------------- 17:27:23 [INFO] Building dependencies.jetty 1.0 [15/70] 17:27:23 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:23 [INFO] 17:27:23 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jetty --- 17:27:23 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jetty (includes = [*.jar], excludes = []) 17:27:23 [INFO] 17:27:23 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jetty --- 17:27:23 [INFO] 17:27:23 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jminix >--------------- 17:27:23 [INFO] Building dependencies.jminix 1.0 [16/70] 17:27:23 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:23 [INFO] 17:27:23 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jminix --- 17:27:23 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jminix (includes = [*.jar], excludes = []) 17:27:23 [INFO] 17:27:23 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jminix --- 17:27:23 [INFO] 17:27:23 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.jminix --- 17:27:23 [INFO] Executing tasks 17:27:23 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/jminix/jminix-1.2.0.jar 17:27:23 [INFO] Executed tasks 17:27:23 [INFO] 17:27:23 [INFO] ----------------< org.openspcoop2:org.openspcoop2.json >---------------- 17:27:23 [INFO] Building dependencies.json 1.0 [17/70] 17:27:23 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:23 [INFO] 17:27:23 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.json --- 17:27:23 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/json (includes = [*.jar], excludes = []) 17:27:23 [INFO] 17:27:23 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.json --- 17:27:23 [INFO] 17:27:23 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.json --- 17:27:23 [INFO] Executing tasks 17:27:23 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-path-2.9.0.jar 17:27:23 [INFO] Executed tasks 17:27:23 [INFO] 17:27:23 [INFO] --- copy-rename-maven-plugin:1.0:rename (rename-file) @ org.openspcoop2.json --- 17:27:23 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.0.73.jar to /var/lib/jenkins/workspace/GovWay/lib/json/networknt_json-schema-validator-1.0.73.jar 17:27:23 [INFO] 17:27:23 [INFO] ----------------< org.openspcoop2:org.openspcoop2.log >----------------- 17:27:23 [INFO] Building dependencies.log 1.0 [18/70] 17:27:23 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:24 [INFO] 17:27:24 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.log --- 17:27:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/log (includes = [*.jar], excludes = []) 17:27:24 [INFO] 17:27:24 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.log --- 17:27:24 [INFO] 17:27:24 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.log --- 17:27:24 [INFO] Executing tasks 17:27:24 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/log/slf4j-api-2.0.16.jar 17:27:24 [INFO] Executed tasks 17:27:24 [INFO] 17:27:24 [INFO] ---------------< org.openspcoop2:org.openspcoop2.lucene >--------------- 17:27:24 [INFO] Building dependencies.lucene 1.0 [19/70] 17:27:24 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:24 [INFO] 17:27:24 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.lucene --- 17:27:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/lucene (includes = [*.jar], excludes = []) 17:27:24 [INFO] 17:27:24 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.lucene --- 17:27:24 [INFO] 17:27:24 [INFO] -------------< org.openspcoop2:org.openspcoop2.openapi4j >-------------- 17:27:24 [INFO] Building dependencies.openapi4j 1.0 [20/70] 17:27:24 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:24 [INFO] 17:27:24 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.openapi4j --- 17:27:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/openapi4j (includes = [*.jar], excludes = []) 17:27:24 [INFO] 17:27:24 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.openapi4j --- 17:27:24 [INFO] 17:27:24 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.openapi4j --- 17:27:24 [INFO] Executing tasks 17:27:24 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-core-1.0.7.jar 17:27:24 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-parser-1.0.7.jar 17:27:24 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-schema-validator-1.0.7.jar 17:27:24 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-operation-validator-1.0.7.jar 17:27:24 [INFO] Executed tasks 17:27:24 [INFO] 17:27:24 [INFO] --------------< org.openspcoop2:org.openspcoop2.opensaml >-------------- 17:27:24 [INFO] Building dependencies.opensaml 1.0 [21/70] 17:27:24 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:24 [INFO] 17:27:24 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.opensaml --- 17:27:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/opensaml (includes = [*.jar], excludes = []) 17:27:24 [INFO] 17:27:24 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.opensaml --- 17:27:24 [INFO] 17:27:24 [INFO] ----------------< org.openspcoop2:org.openspcoop2.pdf >----------------- 17:27:24 [INFO] Building dependencies.pdf 1.0 [22/70] 17:27:24 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:24 [INFO] 17:27:24 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.pdf --- 17:27:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/pdf (includes = [*.jar], excludes = []) 17:27:24 [INFO] 17:27:24 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.pdf --- 17:27:24 [INFO] 17:27:24 [INFO] ---------------< org.openspcoop2:org.openspcoop2.redis >---------------- 17:27:24 [INFO] Building dependencies.redis 1.0 [23/70] 17:27:24 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:24 [INFO] 17:27:24 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.redis --- 17:27:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/redis (includes = [*.jar], excludes = []) 17:27:24 [INFO] 17:27:24 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.redis --- 17:27:24 [INFO] 17:27:24 [INFO] --------------< org.openspcoop2:org.openspcoop2.reports >--------------- 17:27:24 [INFO] Building dependencies.reports 1.0 [24/70] 17:27:24 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:24 [INFO] 17:27:24 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.reports --- 17:27:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/reports (includes = [*.jar], excludes = []) 17:27:24 [INFO] 17:27:24 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.reports --- 17:27:24 [INFO] 17:27:24 [INFO] ----------------< org.openspcoop2:org.openspcoop2.saaj >---------------- 17:27:24 [INFO] Building dependencies.saaj 1.0 [25/70] 17:27:24 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:24 [INFO] 17:27:24 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.saaj --- 17:27:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/saaj (includes = [*.jar], excludes = []) 17:27:24 [INFO] 17:27:24 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.saaj --- 17:27:24 [INFO] 17:27:24 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.saaj --- 17:27:24 [INFO] Executing tasks 17:27:24 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/saaj/saaj-impl-1.5.3.jar 17:27:24 [INFO] Executed tasks 17:27:24 [INFO] 17:27:24 [INFO] --------------< org.openspcoop2:org.openspcoop2.security >-------------- 17:27:24 [INFO] Building dependencies.security 1.0 [26/70] 17:27:24 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:24 [INFO] 17:27:24 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.security --- 17:27:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/security (includes = [*.jar], excludes = []) 17:27:24 [INFO] 17:27:24 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.security --- 17:27:25 [INFO] 17:27:25 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.security --- 17:27:25 [INFO] Executing tasks 17:27:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/security/xmlsec-2.3.4.jar 17:27:25 [INFO] Executed tasks 17:27:25 [INFO] 17:27:25 [INFO] ---------------< org.openspcoop2:org.openspcoop2.shared >--------------- 17:27:25 [INFO] Building dependencies.shared 1.0 [27/70] 17:27:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:25 [INFO] 17:27:25 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.shared --- 17:27:25 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/shared (includes = [*.jar], excludes = []) 17:27:25 [INFO] 17:27:25 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.shared --- 17:27:25 [INFO] 17:27:25 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.shared --- 17:27:25 [INFO] Executing tasks 17:27:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/commons-jcs3-core-3.1.jar 17:27:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/Saxon-HE-11.4.jar 17:27:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/snakeyaml-1.33.jar 17:27:25 [INFO] Executed tasks 17:27:25 [INFO] 17:27:25 [INFO] ---------------< org.openspcoop2:org.openspcoop2.spring >--------------- 17:27:25 [INFO] Building dependencies.spring 1.0 [28/70] 17:27:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:25 [INFO] 17:27:25 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.spring --- 17:27:25 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring (includes = [*.jar], excludes = []) 17:27:25 [INFO] 17:27:25 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring --- 17:27:25 [INFO] 17:27:25 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.spring --- 17:27:25 [INFO] Executing tasks 17:27:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-beans-5.3.39.jar 17:27:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-context-5.3.39.jar 17:27:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-context-support-5.3.39.jar 17:27:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-core-5.3.39.jar 17:27:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-expression-5.3.39.jar 17:27:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-web-5.3.39.jar 17:27:25 [INFO] Executed tasks 17:27:25 [INFO] 17:27:25 [INFO] ------------< org.openspcoop2:org.openspcoop2.spring-ldap >------------- 17:27:25 [INFO] Building dependencies.spring-ldap 1.0 [29/70] 17:27:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:25 [INFO] 17:27:25 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.spring-ldap --- 17:27:25 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-ldap (includes = [*.jar], excludes = []) 17:27:25 [INFO] 17:27:25 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-ldap --- 17:27:25 [INFO] 17:27:25 [INFO] ----------< org.openspcoop2:org.openspcoop2.spring-security >----------- 17:27:25 [INFO] Building dependencies.spring-security 1.0 [30/70] 17:27:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:25 [INFO] 17:27:25 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.spring-security --- 17:27:25 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-security (includes = [*.jar], excludes = []) 17:27:25 [INFO] 17:27:25 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-security --- 17:27:25 [INFO] 17:27:25 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.spring-security --- 17:27:25 [INFO] Executing tasks 17:27:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring-security/spring-security-crypto-5.8.16.jar 17:27:25 [INFO] Executed tasks 17:27:25 [INFO] 17:27:25 [INFO] --------------< org.openspcoop2:org.openspcoop2.swagger >--------------- 17:27:25 [INFO] Building dependencies.swagger 1.0 [31/70] 17:27:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:25 [INFO] 17:27:25 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.swagger --- 17:27:25 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/swagger (includes = [*.jar], excludes = []) 17:27:25 [INFO] 17:27:25 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.swagger --- 17:27:25 [INFO] 17:27:25 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.swagger --- 17:27:26 [INFO] Executing tasks 17:27:26 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-v3-2.1.6.jar 17:27:26 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-request-validator-core-2.30.0.jar 17:27:26 [INFO] Executed tasks 17:27:26 [INFO] 17:27:26 [INFO] ----------------< org.openspcoop2:org.openspcoop2.wadl >---------------- 17:27:26 [INFO] Building dependencies.wadl 1.0 [32/70] 17:27:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:26 [INFO] 17:27:26 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.wadl --- 17:27:26 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wadl (includes = [*.jar], excludes = []) 17:27:26 [INFO] 17:27:26 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wadl --- 17:27:26 [INFO] 17:27:26 [INFO] ---------------< org.openspcoop2:org.openspcoop2.wss4j >---------------- 17:27:26 [INFO] Building dependencies.wss4j 1.0 [33/70] 17:27:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:26 [INFO] 17:27:26 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.wss4j --- 17:27:26 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wss4j (includes = [*.jar], excludes = []) 17:27:26 [INFO] 17:27:26 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wss4j --- 17:27:26 [INFO] 17:27:26 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.wss4j --- 17:27:26 [INFO] Executing tasks 17:27:26 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-common-2.4.1.jar 17:27:26 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-dom-2.4.1.jar 17:27:26 [INFO] Executed tasks 17:27:26 [INFO] 17:27:26 [INFO] -------------< org.openspcoop2:org.openspcoop2.testsuite >-------------- 17:27:26 [INFO] Building dependencies.testsuite 1.0 [34/70] 17:27:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:26 [INFO] 17:27:26 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.axis14 >---------- 17:27:26 [INFO] Building dependencies.testsuite.axis14 1.0 [35/70] 17:27:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:26 [INFO] 17:27:26 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.axis14 --- 17:27:26 [INFO] 17:27:26 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.axis14 --- 17:27:26 [INFO] 17:27:26 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.axis14 --- 17:27:26 [INFO] Executing tasks 17:27:26 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-1.4.jar 17:27:26 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-jaxrpc-1.4.jar 17:27:26 [INFO] Executed tasks 17:27:26 [INFO] 17:27:26 [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.applicationServer >----- 17:27:26 [INFO] Building dependencies.testsuite.as 1.0 [36/70] 17:27:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:26 [INFO] 17:27:26 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly9 >-- 17:27:26 [INFO] Building dependencies.testsuite.as.wildfly9 1.0 [37/70] 17:27:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:26 [INFO] 17:27:26 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 17:27:26 [INFO] 17:27:26 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 17:27:26 [INFO] 17:27:26 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly10 >-- 17:27:26 [INFO] Building dependencies.testsuite.as.wildfly10 1.0 [38/70] 17:27:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:26 [INFO] 17:27:26 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 17:27:26 [INFO] 17:27:26 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 17:27:26 [INFO] 17:27:26 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly11 >-- 17:27:26 [INFO] Building dependencies.testsuite.as.wildfly11 1.0 [39/70] 17:27:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:26 [INFO] 17:27:26 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly11 --- 17:27:26 [INFO] 17:27:26 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly11 --- 17:27:26 [INFO] 17:27:26 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly12 >-- 17:27:26 [INFO] Building dependencies.testsuite.as.wildfly12 1.0 [40/70] 17:27:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:26 [INFO] 17:27:26 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly12 --- 17:27:26 [INFO] 17:27:26 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly12 --- 17:27:26 [INFO] 17:27:26 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly13 >-- 17:27:26 [INFO] Building dependencies.testsuite.as.wildfly13 1.0 [41/70] 17:27:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:26 [INFO] 17:27:26 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly13 --- 17:27:26 [INFO] 17:27:26 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly13 --- 17:27:26 [INFO] 17:27:26 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly14 >-- 17:27:26 [INFO] Building dependencies.testsuite.as.wildfly14 1.0 [42/70] 17:27:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:26 [INFO] 17:27:26 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly14 --- 17:27:26 [INFO] 17:27:26 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly14 --- 17:27:26 [INFO] 17:27:26 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly15 >-- 17:27:26 [INFO] Building dependencies.testsuite.as.wildfly15 1.0 [43/70] 17:27:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:27 [INFO] 17:27:27 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly15 --- 17:27:27 [INFO] 17:27:27 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly15 --- 17:27:27 [INFO] 17:27:27 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly16 >-- 17:27:27 [INFO] Building dependencies.testsuite.as.wildfly16 1.0 [44/70] 17:27:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:27 [INFO] 17:27:27 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly16 --- 17:27:27 [INFO] 17:27:27 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly16 --- 17:27:27 [INFO] 17:27:27 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly17 >-- 17:27:27 [INFO] Building dependencies.testsuite.as.wildfly17 1.0 [45/70] 17:27:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:27 [INFO] 17:27:27 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly17 --- 17:27:27 [INFO] 17:27:27 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly17 --- 17:27:27 [INFO] 17:27:27 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly18 >-- 17:27:27 [INFO] Building dependencies.testsuite.as.wildfly18 1.0 [46/70] 17:27:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:27 [INFO] 17:27:27 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly18 --- 17:27:27 [INFO] 17:27:27 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly18 --- 17:27:27 [INFO] 17:27:27 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly19 >-- 17:27:27 [INFO] Building dependencies.testsuite.as.wildfly19 1.0 [47/70] 17:27:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:27 [INFO] 17:27:27 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly19 --- 17:27:27 [INFO] 17:27:27 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly19 --- 17:27:27 [INFO] 17:27:27 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly20 >-- 17:27:27 [INFO] Building dependencies.testsuite.as.wildfly20 1.0 [48/70] 17:27:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:27 [INFO] 17:27:27 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly20 --- 17:27:27 [INFO] 17:27:27 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly20 --- 17:27:27 [INFO] 17:27:27 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly21 >-- 17:27:27 [INFO] Building dependencies.testsuite.as.wildfly21 1.0 [49/70] 17:27:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:27 [INFO] 17:27:27 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly21 --- 17:27:27 [INFO] 17:27:27 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly21 --- 17:27:28 [INFO] 17:27:28 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly22 >-- 17:27:28 [INFO] Building dependencies.testsuite.as.wildfly22 1.0 [50/70] 17:27:28 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:28 [INFO] 17:27:28 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly22 --- 17:27:28 [INFO] 17:27:28 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly22 --- 17:27:28 [INFO] 17:27:28 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly23 >-- 17:27:28 [INFO] Building dependencies.testsuite.as.wildfly23 1.0 [51/70] 17:27:28 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:28 [INFO] 17:27:28 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly23 --- 17:27:28 [INFO] 17:27:28 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly23 --- 17:27:28 [INFO] 17:27:28 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly24 >-- 17:27:28 [INFO] Building dependencies.testsuite.as.wildfly24 1.0 [52/70] 17:27:28 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:28 [INFO] 17:27:28 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly24 --- 17:27:28 [INFO] 17:27:28 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly24 --- 17:27:28 [INFO] 17:27:28 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly25 >-- 17:27:28 [INFO] Building dependencies.testsuite.as.wildfly25 1.0 [53/70] 17:27:28 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:28 [INFO] 17:27:28 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly25 --- 17:27:28 [INFO] 17:27:28 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly25 --- 17:27:28 [INFO] 17:27:28 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly26 >-- 17:27:28 [INFO] Building dependencies.testsuite.as.wildfly26 1.0 [54/70] 17:27:28 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:28 [INFO] 17:27:28 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly26 --- 17:27:28 [INFO] 17:27:28 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly26 --- 17:27:28 [INFO] 17:27:28 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.tomcat9 >-- 17:27:28 [INFO] Building dependencies.testsuite.as.tomcat9 1.0 [55/70] 17:27:28 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:28 [INFO] 17:27:28 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.tomcat9 --- 17:27:28 [INFO] 17:27:28 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.tomcat9 --- 17:27:28 [INFO] 17:27:28 [INFO] -----------< org.openspcoop2:org.openspcoop2.testsuite.test >----------- 17:27:28 [INFO] Building dependencies.testsuite.test 1.0 [56/70] 17:27:28 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:28 [INFO] 17:27:28 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.test --- 17:27:28 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/testsuite (includes = [*.jar], excludes = []) 17:27:28 [INFO] 17:27:28 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.test --- 17:27:29 [INFO] 17:27:29 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.test --- 17:27:29 [INFO] Executing tasks 17:27:29 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/testsuite/apacheds-all-2.0.0.AM27.jar 17:27:29 [INFO] Executed tasks 17:27:29 [INFO] 17:27:29 [INFO] ------< org.openspcoop2:org.openspcoop2.testsuite.staticAnalysis >------ 17:27:29 [INFO] Building dependencies.testsuite.staticAnalysis 1.0 [57/70] 17:27:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:29 [INFO] 17:27:29 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.staticAnalysis --- 17:27:29 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/staticAnalysis (includes = [*.jar], excludes = []) 17:27:29 [INFO] 17:27:29 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.staticAnalysis --- 17:27:29 [INFO] 17:27:29 [INFO] -----< org.openspcoop2:org.openspcoop2.testsuite.dynamicAnalysis >------ 17:27:29 [INFO] Building dependencies.testsuite.dynamicAnalysis 1.0 [58/70] 17:27:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:29 [INFO] 17:27:29 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.dynamicAnalysis --- 17:27:29 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/dynamicAnalysis (includes = [*.jar], excludes = []) 17:27:29 [INFO] 17:27:29 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.dynamicAnalysis --- 17:27:29 [INFO] 17:27:29 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.coverage >--------- 17:27:29 [INFO] Building dependencies.testsuite.coverage 1.0 [59/70] 17:27:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:29 [INFO] 17:27:29 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.coverage --- 17:27:29 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/coverage (includes = [*.jar], excludes = []) 17:27:29 [INFO] 17:27:29 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.coverage --- 17:27:29 [INFO] 17:27:29 [INFO] --------------< org.openspcoop2:org.openspcoop2.soapbox >--------------- 17:27:29 [INFO] Building dependencies.soapbox 1.0 [60/70] 17:27:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:29 [INFO] 17:27:29 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.soapbox --- 17:27:29 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/soapbox (includes = [*.jar], excludes = []) 17:27:29 [INFO] 17:27:29 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.soapbox --- 17:27:29 [INFO] 17:27:29 [INFO] --------------< org.openspcoop2:org.openspcoop2.compile >--------------- 17:27:29 [INFO] Building compile 1.0 [61/70] 17:27:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:29 [INFO] 17:27:29 [INFO] --------------< org.openspcoop2:org.openspcoop2.package >--------------- 17:27:29 [INFO] Building package 1.0 [62/70] 17:27:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:29 [INFO] 17:27:29 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.utils >----------- 17:27:29 [INFO] Building testsuite.utils 1.0 [63/70] 17:27:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:29 [INFO] 17:27:29 [INFO] --------< org.openspcoop2:org.openspcoop2.testsuite.utils.sql >--------- 17:27:29 [INFO] Building testsuite.utils.sql 1.0 [64/70] 17:27:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:29 [INFO] 17:27:29 [INFO] ---------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core >--------- 17:27:29 [INFO] Building testsuite.pdd.core 1.0 [65/70] 17:27:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:29 [INFO] 17:27:29 [INFO] -------< org.openspcoop2:org.openspcoop2.testsuite.pdd.core.sql >------- 17:27:29 [INFO] Building testsuite.pdd.core.sql 1.0 [66/70] 17:27:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:29 [INFO] 17:27:29 [INFO] ------< org.openspcoop2:org.openspcoop2.static_analysis.spotbugs >------ 17:27:29 [INFO] Building static_analysis.spotbugs 1.0 [67/70] 17:27:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:29 [INFO] 17:27:29 [INFO] -----< org.openspcoop2:org.openspcoop2.static_analysis.sonarqube >------ 17:27:29 [INFO] Building static_analysis.sonarqube 1.0 [68/70] 17:27:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:29 [INFO] 17:27:29 [INFO] --------< org.openspcoop2:org.openspcoop2.dynamic_analysis.zap >-------- 17:27:29 [INFO] Building dynamic_analysis.zap 1.0 [69/70] 17:27:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:29 [INFO] 17:27:29 [INFO] ----------< org.openspcoop2:org.openspcoop2.coverage.jacoco >----------- 17:27:29 [INFO] Building coverage.jacoco 1.0 [70/70] 17:27:29 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:29 [INFO] ------------------------------------------------------------------------ 17:27:29 [INFO] Reactor Summary for govway 1.0: 17:27:29 [INFO] 17:27:29 [INFO] govway ............................................. SUCCESS [ 0.004 s] 17:27:29 [INFO] dependencies ....................................... SUCCESS [ 0.002 s] 17:27:29 [INFO] dependencies.ant ................................... SUCCESS [ 1.668 s] 17:27:29 [INFO] dependencies.antinstaller .......................... SUCCESS [ 0.069 s] 17:27:29 [INFO] dependencies.axiom ................................. SUCCESS [ 0.713 s] 17:27:29 [INFO] dependencies.bean-validation ....................... SUCCESS [ 0.152 s] 17:27:29 [INFO] dependencies.cxf ................................... SUCCESS [ 0.551 s] 17:27:29 [INFO] dependencies.commons ............................... SUCCESS [ 0.240 s] 17:27:29 [INFO] dependencies.faces ................................. SUCCESS [ 0.149 s] 17:27:29 [INFO] dependencies.git ................................... SUCCESS [ 0.040 s] 17:27:29 [INFO] dependencies.httpcore .............................. SUCCESS [ 0.165 s] 17:27:29 [INFO] dependencies.jackson ............................... SUCCESS [ 0.129 s] 17:27:29 [INFO] dependencies.javax ................................. SUCCESS [ 0.097 s] 17:27:29 [INFO] dependencies.jax ................................... SUCCESS [ 0.318 s] 17:27:29 [INFO] dependencies.jetty ................................. SUCCESS [ 0.077 s] 17:27:29 [INFO] dependencies.jminix ................................ SUCCESS [ 0.134 s] 17:27:29 [INFO] dependencies.json .................................. SUCCESS [ 0.163 s] 17:27:29 [INFO] dependencies.log ................................... SUCCESS [ 0.147 s] 17:27:29 [INFO] dependencies.lucene ................................ SUCCESS [ 0.056 s] 17:27:29 [INFO] dependencies.openapi4j ............................. SUCCESS [ 0.089 s] 17:27:29 [INFO] dependencies.opensaml .............................. SUCCESS [ 0.141 s] 17:27:29 [INFO] dependencies.pdf ................................... SUCCESS [ 0.074 s] 17:27:29 [INFO] dependencies.redis ................................. SUCCESS [ 0.134 s] 17:27:29 [INFO] dependencies.reports ............................... SUCCESS [ 0.156 s] 17:27:29 [INFO] dependencies.saaj .................................. SUCCESS [ 0.081 s] 17:27:29 [INFO] dependencies.security .............................. SUCCESS [ 0.171 s] 17:27:29 [INFO] dependencies.shared ................................ SUCCESS [ 0.558 s] 17:27:29 [INFO] dependencies.spring ................................ SUCCESS [ 0.166 s] 17:27:29 [INFO] dependencies.spring-ldap ........................... SUCCESS [ 0.016 s] 17:27:29 [INFO] dependencies.spring-security ....................... SUCCESS [ 0.079 s] 17:27:29 [INFO] dependencies.swagger ............................... SUCCESS [ 0.159 s] 17:27:29 [INFO] dependencies.wadl .................................. SUCCESS [ 0.017 s] 17:27:29 [INFO] dependencies.wss4j ................................. SUCCESS [ 0.107 s] 17:27:29 [INFO] dependencies.testsuite ............................. SUCCESS [ 0.001 s] 17:27:29 [INFO] dependencies.testsuite.axis14 ...................... SUCCESS [ 0.109 s] 17:27:29 [INFO] dependencies.testsuite.as .......................... SUCCESS [ 0.001 s] 17:27:29 [INFO] dependencies.testsuite.as.wildfly9 ................. SUCCESS [ 0.077 s] 17:27:29 [INFO] dependencies.testsuite.as.wildfly10 ................ SUCCESS [ 0.091 s] 17:27:29 [INFO] dependencies.testsuite.as.wildfly11 ................ SUCCESS [ 0.130 s] 17:27:29 [INFO] dependencies.testsuite.as.wildfly12 ................ SUCCESS [ 0.123 s] 17:27:29 [INFO] dependencies.testsuite.as.wildfly13 ................ SUCCESS [ 0.143 s] 17:27:29 [INFO] dependencies.testsuite.as.wildfly14 ................ SUCCESS [ 0.163 s] 17:27:29 [INFO] dependencies.testsuite.as.wildfly15 ................ SUCCESS [ 0.283 s] 17:27:29 [INFO] dependencies.testsuite.as.wildfly16 ................ SUCCESS [ 0.113 s] 17:27:29 [INFO] dependencies.testsuite.as.wildfly17 ................ SUCCESS [ 0.139 s] 17:27:29 [INFO] dependencies.testsuite.as.wildfly18 ................ SUCCESS [ 0.118 s] 17:27:29 [INFO] dependencies.testsuite.as.wildfly19 ................ SUCCESS [ 0.124 s] 17:27:29 [INFO] dependencies.testsuite.as.wildfly20 ................ SUCCESS [ 0.161 s] 17:27:29 [INFO] dependencies.testsuite.as.wildfly21 ................ SUCCESS [ 0.157 s] 17:27:29 [INFO] dependencies.testsuite.as.wildfly22 ................ SUCCESS [ 0.126 s] 17:27:29 [INFO] dependencies.testsuite.as.wildfly23 ................ SUCCESS [ 0.140 s] 17:27:29 [INFO] dependencies.testsuite.as.wildfly24 ................ SUCCESS [ 0.140 s] 17:27:29 [INFO] dependencies.testsuite.as.wildfly25 ................ SUCCESS [ 0.155 s] 17:27:29 [INFO] dependencies.testsuite.as.wildfly26 ................ SUCCESS [ 0.153 s] 17:27:29 [INFO] dependencies.testsuite.as.tomcat9 .................. SUCCESS [ 0.022 s] 17:27:29 [INFO] dependencies.testsuite.test ........................ SUCCESS [ 0.284 s] 17:27:29 [INFO] dependencies.testsuite.staticAnalysis .............. SUCCESS [ 0.025 s] 17:27:29 [INFO] dependencies.testsuite.dynamicAnalysis ............. SUCCESS [ 0.011 s] 17:27:29 [INFO] dependencies.testsuite.coverage .................... SUCCESS [ 0.058 s] 17:27:29 [INFO] dependencies.soapbox ............................... SUCCESS [ 0.037 s] 17:27:29 [INFO] compile ............................................ SUCCESS [ 0.001 s] 17:27:29 [INFO] package ............................................ SUCCESS [ 0.000 s] 17:27:29 [INFO] testsuite.utils .................................... SUCCESS [ 0.001 s] 17:27:29 [INFO] testsuite.utils.sql ................................ SUCCESS [ 0.000 s] 17:27:29 [INFO] testsuite.pdd.core ................................. SUCCESS [ 0.001 s] 17:27:29 [INFO] testsuite.pdd.core.sql ............................. SUCCESS [ 0.000 s] 17:27:29 [INFO] static_analysis.spotbugs ........................... SUCCESS [ 0.001 s] 17:27:29 [INFO] static_analysis.sonarqube .......................... SUCCESS [ 0.000 s] 17:27:29 [INFO] dynamic_analysis.zap ............................... SUCCESS [ 0.001 s] 17:27:29 [INFO] coverage.jacoco .................................... SUCCESS [ 0.001 s] 17:27:29 [INFO] ------------------------------------------------------------------------ 17:27:29 [INFO] BUILD SUCCESS 17:27:29 [INFO] ------------------------------------------------------------------------ 17:27:29 [INFO] Total time: 10.534 s 17:27:29 [INFO] Finished at: 2026-01-27T17:27:29+01:00 17:27:29 [INFO] ------------------------------------------------------------------------ 17:27:29 [GovWay] $ /opt/apache-maven-3.6.3/bin/mvn -Dowasp.plugin.autoUpdate=true -Dpackage=none -DossIndexUsername=andrea.poli@link.it -Dcompile=none -Dowasp=verify -Dtestsuite=none -DossIndexPassword=6b31d4937d57ec65ccb3aed4ff8461107c8eeb5a -DnvdApiKey=f8281fbf-3d81-4e4a-9f03-ab68856b336d -Dowasp.plugin.failBuildOnAnyVulnerability=false verify 17:27:31 [INFO] Scanning for projects... 17:27:31 [INFO] ------------------------------------------------------------------------ 17:27:31 [INFO] Reactor Build Order: 17:27:31 [INFO] 17:27:31 [INFO] govway [pom] 17:27:31 [INFO] dependencies [pom] 17:27:31 [INFO] dependencies.ant [pom] 17:27:31 [INFO] dependencies.antinstaller [pom] 17:27:31 [INFO] dependencies.axiom [pom] 17:27:31 [INFO] dependencies.bean-validation [pom] 17:27:31 [INFO] dependencies.cxf [pom] 17:27:31 [INFO] dependencies.commons [pom] 17:27:31 [INFO] dependencies.faces [pom] 17:27:31 [INFO] dependencies.git [pom] 17:27:31 [INFO] dependencies.httpcore [pom] 17:27:31 [INFO] dependencies.jackson [pom] 17:27:31 [INFO] dependencies.javax [pom] 17:27:31 [INFO] dependencies.jax [pom] 17:27:31 [INFO] dependencies.jetty [pom] 17:27:31 [INFO] dependencies.jminix [pom] 17:27:31 [INFO] dependencies.json [pom] 17:27:31 [INFO] dependencies.log [pom] 17:27:31 [INFO] dependencies.lucene [pom] 17:27:31 [INFO] dependencies.openapi4j [pom] 17:27:31 [INFO] dependencies.opensaml [pom] 17:27:31 [INFO] dependencies.pdf [pom] 17:27:31 [INFO] dependencies.redis [pom] 17:27:31 [INFO] dependencies.reports [pom] 17:27:31 [INFO] dependencies.saaj [pom] 17:27:31 [INFO] dependencies.security [pom] 17:27:31 [INFO] dependencies.shared [pom] 17:27:31 [INFO] dependencies.spring [pom] 17:27:31 [INFO] dependencies.spring-ldap [pom] 17:27:31 [INFO] dependencies.spring-security [pom] 17:27:31 [INFO] dependencies.swagger [pom] 17:27:31 [INFO] dependencies.wadl [pom] 17:27:31 [INFO] dependencies.wss4j [pom] 17:27:31 [INFO] dependencies.testsuite [pom] 17:27:31 [INFO] dependencies.testsuite.axis14 [pom] 17:27:31 [INFO] dependencies.testsuite.as [pom] 17:27:31 [INFO] dependencies.testsuite.as.wildfly9 [pom] 17:27:31 [INFO] dependencies.testsuite.as.wildfly10 [pom] 17:27:31 [INFO] dependencies.testsuite.as.wildfly11 [pom] 17:27:31 [INFO] dependencies.testsuite.as.wildfly12 [pom] 17:27:31 [INFO] dependencies.testsuite.as.wildfly13 [pom] 17:27:31 [INFO] dependencies.testsuite.as.wildfly14 [pom] 17:27:31 [INFO] dependencies.testsuite.as.wildfly15 [pom] 17:27:31 [INFO] dependencies.testsuite.as.wildfly16 [pom] 17:27:31 [INFO] dependencies.testsuite.as.wildfly17 [pom] 17:27:31 [INFO] dependencies.testsuite.as.wildfly18 [pom] 17:27:31 [INFO] dependencies.testsuite.as.wildfly19 [pom] 17:27:31 [INFO] dependencies.testsuite.as.wildfly20 [pom] 17:27:31 [INFO] dependencies.testsuite.as.wildfly21 [pom] 17:27:31 [INFO] dependencies.testsuite.as.wildfly22 [pom] 17:27:31 [INFO] dependencies.testsuite.as.wildfly23 [pom] 17:27:31 [INFO] dependencies.testsuite.as.wildfly24 [pom] 17:27:31 [INFO] dependencies.testsuite.as.wildfly25 [pom] 17:27:31 [INFO] dependencies.testsuite.as.wildfly26 [pom] 17:27:31 [INFO] dependencies.testsuite.as.tomcat9 [pom] 17:27:31 [INFO] dependencies.testsuite.test [pom] 17:27:31 [INFO] dependencies.testsuite.staticAnalysis [pom] 17:27:31 [INFO] dependencies.testsuite.dynamicAnalysis [pom] 17:27:31 [INFO] dependencies.testsuite.coverage [pom] 17:27:31 [INFO] compile [pom] 17:27:31 [INFO] package [pom] 17:27:31 [INFO] testsuite.utils [pom] 17:27:31 [INFO] testsuite.utils.sql [pom] 17:27:31 [INFO] testsuite.pdd.core [pom] 17:27:31 [INFO] testsuite.pdd.core.sql [pom] 17:27:31 [INFO] static_analysis.spotbugs [pom] 17:27:31 [INFO] static_analysis.sonarqube [pom] 17:27:31 [INFO] dynamic_analysis.zap [pom] 17:27:31 [INFO] coverage.jacoco [pom] 17:27:31 [INFO] 17:27:31 [INFO] ------------------< org.openspcoop2:org.openspcoop2 >------------------- 17:27:31 [INFO] Building govway 1.0 [1/69] 17:27:31 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:31 [INFO] 17:27:31 [INFO] ------------< org.openspcoop2:org.openspcoop2.dependencies >------------ 17:27:31 [INFO] Building dependencies 1.0 [2/69] 17:27:31 [INFO] --------------------------------[ pom ]--------------------------------- 17:27:32 [INFO] 17:27:32 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.dependencies --- 17:27:32 [INFO] Executing tasks 17:27:37 [INFO] Executed tasks 17:27:39 [INFO] 17:27:39 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.dependencies --- 17:27:46 [INFO] Checking for updates 17:27:47 [WARNING] NVD API request failures are occurring; retrying request for the 1st time 17:27:55 [INFO] NVD API has 524 records in this update 17:27:55 [INFO] Downloaded 524/524 (100%) 17:27:59 [INFO] Completed processing batch 1/1 (100%) in 3,553ms 17:27:59 [INFO] Updating CISA Known Exploited Vulnerability list: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json 17:28:00 [INFO] Begin database defrag 17:28:13 [INFO] End database defrag (13280 ms) 17:28:13 [INFO] Check for updates complete (27473 ms) 17:28:13 [INFO] 17:28:13 17:28:13 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:28:13 17:28:13 17:28:13 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:28:13 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:28:13 17:28:13 17:28:13 [INFO] Analysis Started 17:28:17 [INFO] Finished Archive Analyzer (3 seconds) 17:28:17 [INFO] Finished File Name Analyzer (0 seconds) 17:28:20 [INFO] Finished Jar Analyzer (3 seconds) 17:28:20 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:28:21 [INFO] Finished Hint Analyzer (0 seconds) 17:28:21 [INFO] Finished Version Filter Analyzer (0 seconds) 17:28:25 [INFO] Created CPE Index (4 seconds) 17:28:25 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:28:25 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:28:25 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:28:25 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:28:25 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:28:25 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:28:25 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:28:25 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:28:25 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:28:25 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:28:25 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:28:25 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:28:25 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:28:25 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:28:25 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:28:25 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:28:25 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:28:25 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:28:25 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:28:25 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:28:25 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:28:25 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:28:25 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:28:25 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:28:25 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:28:25 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:28:25 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:28:25 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:28:25 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:28:25 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:28:25 at java.lang.reflect.Method.invoke (Method.java:566) 17:28:25 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:28:25 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:28:25 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:28:25 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:28:25 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:28:25 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:28:25 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:28:25 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:28:25 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:28:25 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:28:25 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:28:25 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:28:25 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:28:25 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:28:25 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:28:25 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:28:25 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:28:25 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:28:25 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:28:25 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:28:25 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:28:25 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:28:25 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:28:25 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:28:25 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:28:25 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:28:25 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:28:25 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:28:25 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:28:25 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:28:25 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:28:25 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:28:25 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:28:25 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:28:25 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:28:25 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:28:25 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:28:25 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:28:25 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:28:25 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:28:25 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:28:25 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:28:25 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:28:25 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:28:25 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:28:25 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:28:25 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:28:25 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:28:25 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:28:25 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:28:25 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:28:25 at java.lang.reflect.Method.invoke (Method.java:566) 17:28:25 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:28:25 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:28:25 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:28:25 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:28:34 [INFO] Finished CPE Analyzer (13 seconds) 17:28:34 [INFO] Finished False Positive Analyzer (0 seconds) 17:28:34 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:28:51 [INFO] Finished RetireJS Analyzer (17 seconds) 17:28:56 [INFO] Finished Sonatype OSS Index Analyzer (4 seconds) 17:28:56 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:28:56 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:28:57 [INFO] Finished Dependency Bundling Analyzer (1 seconds) 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:28:57 17:28:57 17:28:57 ## Recommendation 17:28:57 17:28:57 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:28:57 17:28:57 The following template can be used to demonstrate the vulnerability: 17:28:57 ```{{#with "constructor"}} 17:28:57 {{#with split as |a|}} 17:28:57 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:28:57 {{#with (concat (lookup join (slice 0 1)))}} 17:28:57 {{#each (slice 2 3)}} 17:28:57 {{#with (apply 0 a)}} 17:28:57 {{.}} 17:28:57 {{/with}} 17:28:57 {{/each}} 17:28:57 {{/with}} 17:28:57 {{/with}} 17:28:57 {{/with}}``` 17:28:57 17:28:57 17:28:57 ## Recommendation 17:28:57 17:28:57 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:28:57 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:28:57 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:28:58 [INFO] Analysis Complete (44 seconds) 17:28:58 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.xml 17:28:59 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.html 17:29:00 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.json 17:29:01 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.csv 17:29:01 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-report.sarif 17:29:01 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-jenkins.html 17:29:01 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-junit.xml 17:29:02 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/dependency-check-result/dependency-check-gitlab.json 17:29:02 [WARNING] 17:29:02 17:29:02 One or more dependencies were identified with known vulnerabilities in dependencies: 17:29:02 17:29:02 commons-lang-2.6.jar (pkg:maven/commons-lang/commons-lang@2.6, cpe:2.3:a:apache:commons_lang:2.6:*:*:*:*:*:*:*) : CVE-2025-48924 17:29:02 json-schema-validator-1.0.73.jar (pkg:maven/com.networknt/json-schema-validator@1.0.73, cpe:2.3:a:json-schema_project:json-schema:1.0.73:*:*:*:*:*:*:*, cpe:2.3:a:validator:validator:1.0.73:*:*:*:*:*:*:*) : CVE-2025-15104 17:29:02 spring-core-5.3.39.jar (pkg:maven/org.springframework/spring-core@5.3.39, cpe:2.3:a:pivotal_software:spring_framework:5.3.39:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:5.3.39:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*) : CVE-2025-41249, CVE-2025-41242 17:29:02 spring-web-5.3.39.jar (pkg:maven/org.springframework/spring-web@5.3.39, cpe:2.3:a:pivotal_software:spring_framework:5.3.39:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:5.3.39:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*) : CVE-2025-41249 17:29:02 stax2-api-4.2.2.jar (pkg:maven/org.codehaus.woodstox/stax2-api@4.2.2, cpe:2.3:a:fasterxml:woodstox:4.2.2:*:*:*:*:*:*:*) : CVE-2022-40152 17:29:02 17:29:02 17:29:02 See the dependency-check report for more details. 17:29:02 17:29:02 17:29:02 [INFO] 17:29:02 [INFO] ----------------< org.openspcoop2:org.openspcoop2.ant >----------------- 17:29:02 [INFO] Building dependencies.ant 1.0 [3/69] 17:29:02 [INFO] --------------------------------[ pom ]--------------------------------- 17:29:02 [INFO] 17:29:02 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.ant --- 17:29:02 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/ant (includes = [*.jar], excludes = []) 17:29:02 [INFO] 17:29:02 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.ant --- 17:29:02 [INFO] 17:29:02 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.ant --- 17:29:02 [INFO] Executing tasks 17:29:07 [INFO] Executed tasks 17:29:07 [INFO] 17:29:07 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.ant --- 17:29:07 [INFO] Checking for updates 17:29:07 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:29:08 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:29:08 [INFO] Check for updates complete (75 ms) 17:29:08 [INFO] 17:29:08 17:29:08 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:29:08 17:29:08 17:29:08 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:29:08 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:29:08 17:29:08 17:29:08 [INFO] Analysis Started 17:29:08 [INFO] Finished Archive Analyzer (0 seconds) 17:29:08 [INFO] Finished File Name Analyzer (0 seconds) 17:29:08 [INFO] Finished Jar Analyzer (0 seconds) 17:29:08 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:29:08 [INFO] Finished Hint Analyzer (0 seconds) 17:29:08 [INFO] Finished Version Filter Analyzer (0 seconds) 17:29:10 [INFO] Created CPE Index (1 seconds) 17:29:10 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:29:10 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:29:10 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:29:10 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:29:10 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:29:10 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:29:10 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:29:10 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:29:10 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:29:10 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:29:10 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:29:10 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:29:10 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:29:10 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:29:10 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:29:10 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:29:10 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:29:10 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:29:10 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:29:10 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:29:10 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:29:10 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:29:10 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:29:10 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:29:10 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:29:10 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:29:10 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:29:10 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:29:10 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:29:10 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:29:10 at java.lang.reflect.Method.invoke (Method.java:566) 17:29:10 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:29:10 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:29:10 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:29:10 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:29:10 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:29:10 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:29:10 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:29:10 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:29:10 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:29:10 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:29:10 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:29:10 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:29:10 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:29:10 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:29:10 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:29:10 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:29:10 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:29:10 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:29:10 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:29:10 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:29:10 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:29:10 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:29:10 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:29:10 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:29:10 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:29:10 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:29:10 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:29:10 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:29:10 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:29:10 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:29:10 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:29:10 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:29:10 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:29:10 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:29:10 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:29:10 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:29:10 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:29:10 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:29:10 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:29:10 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:29:10 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:29:10 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:29:10 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:29:10 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:29:10 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:29:10 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:29:10 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:29:10 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:29:10 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:29:10 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:29:10 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:29:10 at java.lang.reflect.Method.invoke (Method.java:566) 17:29:10 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:29:10 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:29:10 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:29:10 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:29:10 [INFO] Finished CPE Analyzer (2 seconds) 17:29:10 [INFO] Finished False Positive Analyzer (0 seconds) 17:29:10 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:29:10 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:29:10 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:29:10 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:29:10 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:29:10 17:29:10 17:29:10 ## Recommendation 17:29:10 17:29:10 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:29:10 17:29:10 The following template can be used to demonstrate the vulnerability: 17:29:10 ```{{#with "constructor"}} 17:29:10 {{#with split as |a|}} 17:29:10 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:29:10 {{#with (concat (lookup join (slice 0 1)))}} 17:29:10 {{#each (slice 2 3)}} 17:29:10 {{#with (apply 0 a)}} 17:29:10 {{.}} 17:29:10 {{/with}} 17:29:10 {{/each}} 17:29:10 {{/with}} 17:29:10 {{/with}} 17:29:10 {{/with}}``` 17:29:10 17:29:10 17:29:10 ## Recommendation 17:29:10 17:29:10 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:10 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:29:10 [INFO] Analysis Complete (2 seconds) 17:29:10 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:29:10 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:29:10 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:29:10 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:29:10 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:29:10 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:29:10 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:29:10 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:29:10 [INFO] 17:29:10 [INFO] ------------< org.openspcoop2:org.openspcoop2.antinstaller >------------ 17:29:10 [INFO] Building dependencies.antinstaller 1.0 [4/69] 17:29:10 [INFO] --------------------------------[ pom ]--------------------------------- 17:29:10 [INFO] 17:29:10 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.antinstaller --- 17:29:10 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/antinstaller (includes = [*.jar], excludes = []) 17:29:10 [INFO] 17:29:10 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.antinstaller --- 17:29:10 [INFO] 17:29:10 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.antinstaller --- 17:29:10 [INFO] Executing tasks 17:29:15 [INFO] Executed tasks 17:29:15 [INFO] 17:29:15 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.antinstaller --- 17:29:16 [INFO] Checking for updates 17:29:16 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:29:16 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:29:16 [INFO] Check for updates complete (80 ms) 17:29:16 [INFO] 17:29:16 17:29:16 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:29:16 17:29:16 17:29:16 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:29:16 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:29:16 17:29:16 17:29:16 [INFO] Analysis Started 17:29:16 [INFO] Finished Archive Analyzer (0 seconds) 17:29:16 [INFO] Finished File Name Analyzer (0 seconds) 17:29:16 [INFO] Finished Jar Analyzer (0 seconds) 17:29:16 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:29:16 [INFO] Finished Hint Analyzer (0 seconds) 17:29:16 [INFO] Finished Version Filter Analyzer (0 seconds) 17:29:18 [INFO] Created CPE Index (1 seconds) 17:29:18 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:29:18 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:29:18 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:29:18 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:29:18 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:29:18 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:29:18 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:29:18 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:29:18 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:29:18 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:29:18 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:29:18 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:29:18 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:29:18 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:29:18 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:29:18 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:29:18 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:29:18 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:29:18 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:29:18 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:29:18 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:29:18 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:29:18 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:29:18 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:29:18 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:29:18 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:29:18 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:29:18 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:29:18 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:29:18 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:29:18 at java.lang.reflect.Method.invoke (Method.java:566) 17:29:18 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:29:18 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:29:18 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:29:18 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:29:18 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:29:18 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:29:18 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:29:18 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:29:18 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:29:18 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:29:18 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:29:18 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:29:18 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:29:18 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:29:18 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:29:18 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:29:18 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:29:18 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:29:18 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:29:18 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:29:18 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:29:18 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:29:18 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:29:18 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:29:18 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:29:18 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:29:18 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:29:18 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:29:18 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:29:18 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:29:18 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:29:18 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:29:18 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:29:18 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:29:18 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:29:18 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:29:18 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:29:18 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:29:18 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:29:18 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:29:18 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:29:18 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:29:18 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:29:18 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:29:18 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:29:18 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:29:18 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:29:18 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:29:18 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:29:18 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:29:18 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:29:18 at java.lang.reflect.Method.invoke (Method.java:566) 17:29:18 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:29:18 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:29:18 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:29:18 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:29:18 [INFO] Finished CPE Analyzer (2 seconds) 17:29:18 [INFO] Finished False Positive Analyzer (0 seconds) 17:29:18 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:29:18 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:29:18 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:29:18 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:29:18 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:29:18 17:29:18 17:29:18 ## Recommendation 17:29:18 17:29:18 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:29:18 17:29:18 The following template can be used to demonstrate the vulnerability: 17:29:18 ```{{#with "constructor"}} 17:29:18 {{#with split as |a|}} 17:29:18 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:29:18 {{#with (concat (lookup join (slice 0 1)))}} 17:29:18 {{#each (slice 2 3)}} 17:29:18 {{#with (apply 0 a)}} 17:29:18 {{.}} 17:29:18 {{/with}} 17:29:18 {{/each}} 17:29:18 {{/with}} 17:29:18 {{/with}} 17:29:18 {{/with}}``` 17:29:18 17:29:18 17:29:18 ## Recommendation 17:29:18 17:29:18 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:18 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:29:18 [INFO] Analysis Complete (2 seconds) 17:29:18 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:29:18 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:29:18 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:29:18 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:29:18 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:29:18 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:29:18 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:29:18 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:29:18 [INFO] 17:29:18 [INFO] ---------------< org.openspcoop2:org.openspcoop2.axiom >---------------- 17:29:18 [INFO] Building dependencies.axiom 1.0 [5/69] 17:29:18 [INFO] --------------------------------[ pom ]--------------------------------- 17:29:18 [INFO] 17:29:18 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.axiom --- 17:29:18 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/axiom (includes = [*.jar], excludes = []) 17:29:18 [INFO] 17:29:18 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.axiom --- 17:29:18 [INFO] 17:29:18 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.axiom --- 17:29:18 [INFO] Executing tasks 17:29:18 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-api-1.2.13.jar 17:29:18 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-dom-1.2.13.jar 17:29:18 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axiom/axiom-impl-1.2.13.jar 17:29:18 [INFO] Executed tasks 17:29:18 [INFO] 17:29:18 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.axiom --- 17:29:18 [INFO] Executing tasks 17:29:23 [INFO] Executed tasks 17:29:23 [INFO] 17:29:23 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.axiom --- 17:29:24 [INFO] Checking for updates 17:29:24 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:29:24 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:29:24 [INFO] Check for updates complete (76 ms) 17:29:24 [INFO] 17:29:24 17:29:24 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:29:24 17:29:24 17:29:24 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:29:24 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:29:24 17:29:24 17:29:24 [INFO] Analysis Started 17:29:24 [INFO] Finished Archive Analyzer (0 seconds) 17:29:24 [INFO] Finished File Name Analyzer (0 seconds) 17:29:24 [INFO] Finished Jar Analyzer (0 seconds) 17:29:24 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:29:24 [INFO] Finished Hint Analyzer (0 seconds) 17:29:24 [INFO] Finished Version Filter Analyzer (0 seconds) 17:29:25 [INFO] Created CPE Index (1 seconds) 17:29:26 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:29:26 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:29:26 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:29:26 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:29:26 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:29:26 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:29:26 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:29:26 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:29:26 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:29:26 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:29:26 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:29:26 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:29:26 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:29:26 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:29:26 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:29:26 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:29:26 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:29:26 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:29:26 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:29:26 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:29:26 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:29:26 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:29:26 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:29:26 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:29:26 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:29:26 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:29:26 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:29:26 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:29:26 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:29:26 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:29:26 at java.lang.reflect.Method.invoke (Method.java:566) 17:29:26 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:29:26 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:29:26 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:29:26 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:29:26 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:29:26 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:29:26 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:29:26 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:29:26 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:29:26 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:29:26 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:29:26 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:29:26 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:29:26 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:29:26 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:29:26 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:29:26 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:29:26 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:29:26 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:29:26 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:29:26 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:29:26 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:29:26 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:29:26 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:29:26 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:29:26 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:29:26 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:29:26 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:29:26 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:29:26 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:29:26 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:29:26 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:29:26 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:29:26 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:29:26 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:29:26 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:29:26 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:29:26 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:29:26 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:29:26 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:29:26 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:29:26 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:29:26 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:29:26 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:29:26 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:29:26 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:29:26 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:29:26 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:29:26 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:29:26 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:29:26 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:29:26 at java.lang.reflect.Method.invoke (Method.java:566) 17:29:26 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:29:26 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:29:26 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:29:26 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:29:26 [INFO] Finished CPE Analyzer (1 seconds) 17:29:26 [INFO] Finished False Positive Analyzer (0 seconds) 17:29:26 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:29:26 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:29:26 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:29:26 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:29:26 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:29:26 17:29:26 17:29:26 ## Recommendation 17:29:26 17:29:26 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:29:26 17:29:26 The following template can be used to demonstrate the vulnerability: 17:29:26 ```{{#with "constructor"}} 17:29:26 {{#with split as |a|}} 17:29:26 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:29:26 {{#with (concat (lookup join (slice 0 1)))}} 17:29:26 {{#each (slice 2 3)}} 17:29:26 {{#with (apply 0 a)}} 17:29:26 {{.}} 17:29:26 {{/with}} 17:29:26 {{/each}} 17:29:26 {{/with}} 17:29:26 {{/with}} 17:29:26 {{/with}}``` 17:29:26 17:29:26 17:29:26 ## Recommendation 17:29:26 17:29:26 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:26 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:29:26 [INFO] Analysis Complete (2 seconds) 17:29:26 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:29:26 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:29:26 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:29:26 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:29:26 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:29:26 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:29:26 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:29:26 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:29:26 [INFO] 17:29:26 [INFO] ----------< org.openspcoop2:org.openspcoop2.bean-validation >----------- 17:29:26 [INFO] Building dependencies.bean-validation 1.0 [6/69] 17:29:26 [INFO] --------------------------------[ pom ]--------------------------------- 17:29:26 [INFO] 17:29:26 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.bean-validation --- 17:29:26 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/bean-validation (includes = [*.jar], excludes = []) 17:29:26 [INFO] 17:29:26 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.bean-validation --- 17:29:26 [INFO] 17:29:26 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.bean-validation --- 17:29:26 [INFO] Executing tasks 17:29:31 [INFO] Executed tasks 17:29:31 [INFO] 17:29:31 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.bean-validation --- 17:29:31 [INFO] Checking for updates 17:29:31 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:29:31 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:29:31 [INFO] Check for updates complete (71 ms) 17:29:32 [INFO] 17:29:32 17:29:32 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:29:32 17:29:32 17:29:32 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:29:32 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:29:32 17:29:32 17:29:32 [INFO] Analysis Started 17:29:32 [INFO] Finished Archive Analyzer (0 seconds) 17:29:32 [INFO] Finished File Name Analyzer (0 seconds) 17:29:32 [INFO] Finished Jar Analyzer (0 seconds) 17:29:32 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:29:32 [INFO] Finished Hint Analyzer (0 seconds) 17:29:32 [INFO] Finished Version Filter Analyzer (0 seconds) 17:29:33 [INFO] Created CPE Index (1 seconds) 17:29:33 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:29:33 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:29:33 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:29:33 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:29:33 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:29:33 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:29:33 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:29:33 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:29:33 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:29:33 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:29:33 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:29:33 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:29:33 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:29:33 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:29:33 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:29:33 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:29:33 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:29:33 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:29:33 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:29:33 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:29:33 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:29:33 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:29:33 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:29:33 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:29:33 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:29:33 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:29:33 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:29:33 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:29:33 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:29:33 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:29:33 at java.lang.reflect.Method.invoke (Method.java:566) 17:29:33 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:29:33 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:29:33 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:29:33 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:29:33 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:29:33 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:29:33 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:29:33 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:29:33 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:29:33 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:29:33 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:29:33 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:29:33 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:29:33 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:29:33 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:29:33 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:29:33 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:29:33 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:29:33 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:29:33 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:29:33 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:29:33 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:29:33 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:29:33 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:29:33 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:29:33 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:29:33 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:29:33 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:29:33 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:29:33 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:29:33 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:29:33 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:29:33 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:29:33 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:29:33 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:29:33 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:29:33 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:29:33 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:29:33 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:29:33 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:29:33 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:29:33 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:29:33 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:29:33 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:29:33 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:29:33 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:29:33 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:29:33 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:29:33 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:29:33 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:29:33 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:29:33 at java.lang.reflect.Method.invoke (Method.java:566) 17:29:33 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:29:33 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:29:33 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:29:33 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:29:33 [INFO] Finished CPE Analyzer (1 seconds) 17:29:33 [INFO] Finished False Positive Analyzer (0 seconds) 17:29:33 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:29:33 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:29:33 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:29:34 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:29:34 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:29:34 17:29:34 17:29:34 ## Recommendation 17:29:34 17:29:34 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:29:34 17:29:34 The following template can be used to demonstrate the vulnerability: 17:29:34 ```{{#with "constructor"}} 17:29:34 {{#with split as |a|}} 17:29:34 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:29:34 {{#with (concat (lookup join (slice 0 1)))}} 17:29:34 {{#each (slice 2 3)}} 17:29:34 {{#with (apply 0 a)}} 17:29:34 {{.}} 17:29:34 {{/with}} 17:29:34 {{/each}} 17:29:34 {{/with}} 17:29:34 {{/with}} 17:29:34 {{/with}}``` 17:29:34 17:29:34 17:29:34 ## Recommendation 17:29:34 17:29:34 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:34 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:29:34 [INFO] Analysis Complete (1 seconds) 17:29:34 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:29:34 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:29:34 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:29:34 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:29:34 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:29:34 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:29:34 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:29:34 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:29:34 [INFO] 17:29:34 [INFO] ----------------< org.openspcoop2:org.openspcoop2.cxf >----------------- 17:29:34 [INFO] Building dependencies.cxf 1.0 [7/69] 17:29:34 [INFO] --------------------------------[ pom ]--------------------------------- 17:29:34 [INFO] 17:29:34 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.cxf --- 17:29:34 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/cxf (includes = [*.jar], excludes = []) 17:29:34 [INFO] 17:29:34 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.cxf --- 17:29:34 [INFO] 17:29:34 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.cxf --- 17:29:34 [INFO] Executing tasks 17:29:34 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-core-3.6.8.jar 17:29:34 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/cxf/cxf-rt-rs-security-jose-3.6.8.jar 17:29:34 [INFO] Executed tasks 17:29:34 [INFO] 17:29:34 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.cxf --- 17:29:34 [INFO] Executing tasks 17:29:39 [INFO] Executed tasks 17:29:39 [INFO] 17:29:39 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.cxf --- 17:29:39 [INFO] Checking for updates 17:29:39 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:29:39 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:29:39 [INFO] Check for updates complete (70 ms) 17:29:39 [INFO] 17:29:39 17:29:39 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:29:39 17:29:39 17:29:39 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:29:39 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:29:39 17:29:39 17:29:39 [INFO] Analysis Started 17:29:39 [INFO] Finished Archive Analyzer (0 seconds) 17:29:39 [INFO] Finished File Name Analyzer (0 seconds) 17:29:40 [INFO] Finished Jar Analyzer (0 seconds) 17:29:40 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:29:40 [INFO] Finished Hint Analyzer (0 seconds) 17:29:40 [INFO] Finished Version Filter Analyzer (0 seconds) 17:29:41 [INFO] Created CPE Index (1 seconds) 17:29:41 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:29:41 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:29:41 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:29:41 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:29:41 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:29:41 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:29:41 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:29:41 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:29:41 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:29:41 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:29:41 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:29:41 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:29:41 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:29:41 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:29:41 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:29:41 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:29:41 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:29:41 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:29:41 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:29:41 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:29:41 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:29:41 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:29:41 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:29:41 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:29:41 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:29:41 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:29:41 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:29:41 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:29:41 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:29:41 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:29:41 at java.lang.reflect.Method.invoke (Method.java:566) 17:29:41 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:29:41 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:29:41 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:29:41 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:29:41 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:29:41 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:29:41 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:29:41 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:29:41 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:29:41 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:29:41 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:29:41 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:29:41 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:29:41 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:29:41 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:29:41 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:29:41 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:29:41 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:29:41 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:29:41 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:29:41 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:29:41 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:29:41 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:29:41 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:29:41 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:29:41 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:29:41 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:29:41 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:29:41 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:29:41 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:29:41 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:29:41 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:29:41 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:29:41 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:29:41 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:29:41 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:29:41 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:29:41 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:29:41 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:29:41 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:29:41 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:29:41 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:29:41 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:29:41 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:29:41 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:29:41 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:29:41 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:29:41 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:29:41 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:29:41 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:29:41 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:29:41 at java.lang.reflect.Method.invoke (Method.java:566) 17:29:41 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:29:41 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:29:41 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:29:41 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:29:42 [INFO] Finished CPE Analyzer (2 seconds) 17:29:42 [INFO] Finished False Positive Analyzer (0 seconds) 17:29:42 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:29:42 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:29:42 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:29:42 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:29:42 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:29:42 17:29:42 17:29:42 ## Recommendation 17:29:42 17:29:42 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:29:42 17:29:42 The following template can be used to demonstrate the vulnerability: 17:29:42 ```{{#with "constructor"}} 17:29:42 {{#with split as |a|}} 17:29:42 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:29:42 {{#with (concat (lookup join (slice 0 1)))}} 17:29:42 {{#each (slice 2 3)}} 17:29:42 {{#with (apply 0 a)}} 17:29:42 {{.}} 17:29:42 {{/with}} 17:29:42 {{/each}} 17:29:42 {{/with}} 17:29:42 {{/with}} 17:29:42 {{/with}}``` 17:29:42 17:29:42 17:29:42 ## Recommendation 17:29:42 17:29:42 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:42 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:29:42 [INFO] Analysis Complete (2 seconds) 17:29:42 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:29:42 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:29:42 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:29:42 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:29:42 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:29:42 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:29:42 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:29:42 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:29:42 [WARNING] 17:29:42 17:29:42 One or more dependencies were identified with known vulnerabilities in dependencies.cxf: 17:29:42 17:29:42 stax2-api-4.2.2.jar (pkg:maven/org.codehaus.woodstox/stax2-api@4.2.2, cpe:2.3:a:fasterxml:woodstox:4.2.2:*:*:*:*:*:*:*) : CVE-2022-40152 17:29:42 17:29:42 17:29:42 See the dependency-check report for more details. 17:29:42 17:29:42 17:29:42 [INFO] 17:29:42 [INFO] --------------< org.openspcoop2:org.openspcoop2.commons >--------------- 17:29:42 [INFO] Building dependencies.commons 1.0 [8/69] 17:29:42 [INFO] --------------------------------[ pom ]--------------------------------- 17:29:42 [INFO] 17:29:42 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.commons --- 17:29:42 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/commons (includes = [*.jar], excludes = []) 17:29:42 [INFO] 17:29:42 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.commons --- 17:29:42 [INFO] 17:29:42 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.commons --- 17:29:42 [INFO] Executing tasks 17:29:47 [INFO] Executed tasks 17:29:47 [INFO] 17:29:47 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.commons --- 17:29:47 [INFO] Checking for updates 17:29:47 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:29:47 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:29:47 [INFO] Check for updates complete (79 ms) 17:29:48 [INFO] 17:29:48 17:29:48 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:29:48 17:29:48 17:29:48 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:29:48 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:29:48 17:29:48 17:29:48 [INFO] Analysis Started 17:29:48 [INFO] Finished Archive Analyzer (0 seconds) 17:29:48 [INFO] Finished File Name Analyzer (0 seconds) 17:29:48 [INFO] Finished Jar Analyzer (0 seconds) 17:29:48 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:29:48 [INFO] Finished Hint Analyzer (0 seconds) 17:29:48 [INFO] Finished Version Filter Analyzer (0 seconds) 17:29:49 [INFO] Created CPE Index (1 seconds) 17:29:49 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:29:49 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:29:49 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:29:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:29:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:29:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:29:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:29:49 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:29:49 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:29:49 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:29:49 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:29:49 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:29:49 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:29:49 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:29:49 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:29:49 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:29:49 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:29:49 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:29:49 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:29:49 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:29:49 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:29:49 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:29:49 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:29:49 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:29:49 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:29:49 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:29:49 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:29:49 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:29:49 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:29:49 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:29:49 at java.lang.reflect.Method.invoke (Method.java:566) 17:29:49 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:29:49 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:29:49 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:29:49 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:29:49 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:29:49 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:29:49 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:29:49 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:29:49 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:29:49 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:29:49 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:29:49 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:29:49 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:29:49 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:29:49 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:29:49 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:29:49 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:29:49 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:29:49 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:29:49 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:29:49 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:29:49 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:29:49 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:29:49 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:29:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:29:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:29:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:29:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:29:49 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:29:49 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:29:49 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:29:49 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:29:49 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:29:49 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:29:49 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:29:49 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:29:49 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:29:49 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:29:49 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:29:49 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:29:49 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:29:49 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:29:49 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:29:49 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:29:49 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:29:49 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:29:49 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:29:49 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:29:49 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:29:49 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:29:49 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:29:49 at java.lang.reflect.Method.invoke (Method.java:566) 17:29:49 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:29:49 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:29:49 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:29:49 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:29:50 [INFO] Finished CPE Analyzer (2 seconds) 17:29:50 [INFO] Finished False Positive Analyzer (0 seconds) 17:29:50 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:29:50 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:29:50 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:29:50 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:29:50 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:29:50 17:29:50 17:29:50 ## Recommendation 17:29:50 17:29:50 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:29:50 17:29:50 The following template can be used to demonstrate the vulnerability: 17:29:50 ```{{#with "constructor"}} 17:29:50 {{#with split as |a|}} 17:29:50 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:29:50 {{#with (concat (lookup join (slice 0 1)))}} 17:29:50 {{#each (slice 2 3)}} 17:29:50 {{#with (apply 0 a)}} 17:29:50 {{.}} 17:29:50 {{/with}} 17:29:50 {{/each}} 17:29:50 {{/with}} 17:29:50 {{/with}} 17:29:50 {{/with}}``` 17:29:50 17:29:50 17:29:50 ## Recommendation 17:29:50 17:29:50 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:29:50 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:29:50 [INFO] Analysis Complete (2 seconds) 17:29:50 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:29:50 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:29:50 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:29:50 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:29:50 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:29:50 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:29:50 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:29:50 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:29:50 [WARNING] 17:29:50 17:29:50 One or more dependencies were identified with known vulnerabilities in dependencies.commons: 17:29:50 17:29:50 commons-lang-2.6.jar (pkg:maven/commons-lang/commons-lang@2.6, cpe:2.3:a:apache:commons_lang:2.6:*:*:*:*:*:*:*) : CVE-2025-48924 17:29:50 17:29:50 17:29:50 See the dependency-check report for more details. 17:29:50 17:29:50 17:29:50 [INFO] 17:29:50 [INFO] ---------------< org.openspcoop2:org.openspcoop2.faces >---------------- 17:29:50 [INFO] Building dependencies.faces 1.0 [9/69] 17:29:50 [INFO] --------------------------------[ pom ]--------------------------------- 17:29:50 [INFO] 17:29:50 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.faces --- 17:29:50 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/faces (includes = [*.jar], excludes = []) 17:29:50 [INFO] 17:29:50 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.faces --- 17:29:51 [INFO] 17:29:51 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.faces --- 17:29:51 [INFO] Executing tasks 17:29:56 [INFO] Executed tasks 17:29:56 [INFO] 17:29:56 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.faces --- 17:29:56 [INFO] Checking for updates 17:29:56 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:29:56 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:29:56 [INFO] Check for updates complete (65 ms) 17:29:56 [INFO] 17:29:56 17:29:56 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:29:56 17:29:56 17:29:56 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:29:56 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:29:56 17:29:56 17:29:56 [INFO] Analysis Started 17:29:56 [INFO] Finished Archive Analyzer (0 seconds) 17:29:56 [INFO] Finished File Name Analyzer (0 seconds) 17:29:57 [INFO] Finished Jar Analyzer (0 seconds) 17:29:57 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:29:57 [INFO] Finished Hint Analyzer (0 seconds) 17:29:57 [INFO] Finished Version Filter Analyzer (0 seconds) 17:29:58 [INFO] Created CPE Index (1 seconds) 17:29:59 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:29:59 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:29:59 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:29:59 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:29:59 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:29:59 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:29:59 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:29:59 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:29:59 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:29:59 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:29:59 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:29:59 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:29:59 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:29:59 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:29:59 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:29:59 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:29:59 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:29:59 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:29:59 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:29:59 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:29:59 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:29:59 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:29:59 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:29:59 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:29:59 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:29:59 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:29:59 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:29:59 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:29:59 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:29:59 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:29:59 at java.lang.reflect.Method.invoke (Method.java:566) 17:29:59 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:29:59 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:29:59 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:29:59 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:29:59 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:29:59 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:29:59 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:29:59 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:29:59 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:29:59 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:29:59 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:29:59 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:29:59 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:29:59 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:29:59 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:29:59 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:29:59 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:29:59 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:29:59 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:29:59 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:29:59 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:29:59 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:29:59 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:29:59 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:29:59 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:29:59 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:29:59 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:29:59 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:29:59 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:29:59 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:29:59 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:29:59 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:29:59 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:29:59 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:29:59 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:29:59 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:29:59 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:29:59 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:29:59 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:29:59 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:29:59 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:29:59 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:29:59 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:29:59 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:29:59 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:29:59 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:29:59 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:29:59 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:29:59 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:29:59 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:29:59 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:29:59 at java.lang.reflect.Method.invoke (Method.java:566) 17:29:59 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:29:59 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:29:59 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:29:59 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:29:59 [INFO] Finished CPE Analyzer (2 seconds) 17:29:59 [INFO] Finished False Positive Analyzer (0 seconds) 17:29:59 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:30:07 [INFO] Finished RetireJS Analyzer (8 seconds) 17:30:07 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:30:08 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:30:08 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:30:08 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:30:08 17:30:08 17:30:08 ## Recommendation 17:30:08 17:30:08 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:30:08 17:30:08 The following template can be used to demonstrate the vulnerability: 17:30:08 ```{{#with "constructor"}} 17:30:08 {{#with split as |a|}} 17:30:08 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:30:08 {{#with (concat (lookup join (slice 0 1)))}} 17:30:08 {{#each (slice 2 3)}} 17:30:08 {{#with (apply 0 a)}} 17:30:08 {{.}} 17:30:08 {{/with}} 17:30:08 {{/each}} 17:30:08 {{/with}} 17:30:08 {{/with}} 17:30:08 {{/with}}``` 17:30:08 17:30:08 17:30:08 ## Recommendation 17:30:08 17:30:08 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:08 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:30:08 [INFO] Analysis Complete (11 seconds) 17:30:08 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:30:08 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:30:09 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:30:09 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:30:09 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:30:09 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:30:09 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:30:09 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:30:09 [INFO] 17:30:09 [INFO] ----------------< org.openspcoop2:org.openspcoop2.git >----------------- 17:30:09 [INFO] Building dependencies.git 1.0 [10/69] 17:30:09 [INFO] --------------------------------[ pom ]--------------------------------- 17:30:09 [INFO] 17:30:09 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.git --- 17:30:09 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/git (includes = [*.jar], excludes = []) 17:30:09 [INFO] 17:30:09 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.git --- 17:30:09 [INFO] 17:30:09 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.git --- 17:30:09 [INFO] Executing tasks 17:30:14 [INFO] Executed tasks 17:30:14 [INFO] 17:30:14 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.git --- 17:30:14 [INFO] Checking for updates 17:30:14 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:30:14 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:30:14 [INFO] Check for updates complete (71 ms) 17:30:15 [INFO] 17:30:15 17:30:15 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:30:15 17:30:15 17:30:15 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:30:15 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:30:15 17:30:15 17:30:15 [INFO] Analysis Started 17:30:15 [INFO] Finished Archive Analyzer (0 seconds) 17:30:15 [INFO] Finished File Name Analyzer (0 seconds) 17:30:15 [INFO] Finished Jar Analyzer (0 seconds) 17:30:15 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:30:15 [INFO] Finished Hint Analyzer (0 seconds) 17:30:15 [INFO] Finished Version Filter Analyzer (0 seconds) 17:30:16 [INFO] Created CPE Index (1 seconds) 17:30:16 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:30:16 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:30:16 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:30:16 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:30:16 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:30:16 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:30:16 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:30:16 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:30:16 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:30:16 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:30:16 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:30:16 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:30:16 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:30:16 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:30:16 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:30:16 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:30:16 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:30:16 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:30:16 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:30:16 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:30:16 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:30:16 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:30:16 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:30:16 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:30:16 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:30:16 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:30:16 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:30:16 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:30:16 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:30:16 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:30:16 at java.lang.reflect.Method.invoke (Method.java:566) 17:30:16 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:30:16 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:30:16 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:30:16 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:30:16 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:30:16 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:30:16 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:30:16 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:30:16 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:30:16 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:30:16 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:30:16 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:30:16 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:30:16 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:30:16 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:30:16 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:30:16 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:30:16 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:30:16 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:30:16 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:30:16 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:30:16 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:30:16 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:30:16 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:30:16 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:30:16 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:30:16 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:30:16 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:30:16 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:30:16 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:30:16 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:30:16 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:30:16 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:30:16 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:30:16 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:30:16 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:30:16 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:30:16 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:30:16 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:30:16 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:30:16 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:30:16 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:30:16 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:30:16 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:30:16 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:30:16 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:30:16 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:30:16 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:30:16 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:30:16 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:30:16 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:30:16 at java.lang.reflect.Method.invoke (Method.java:566) 17:30:16 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:30:16 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:30:16 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:30:16 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:30:17 [INFO] Finished CPE Analyzer (1 seconds) 17:30:17 [INFO] Finished False Positive Analyzer (0 seconds) 17:30:17 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:30:17 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:30:17 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:30:17 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:30:17 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:30:17 17:30:17 17:30:17 ## Recommendation 17:30:17 17:30:17 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:30:17 17:30:17 The following template can be used to demonstrate the vulnerability: 17:30:17 ```{{#with "constructor"}} 17:30:17 {{#with split as |a|}} 17:30:17 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:30:17 {{#with (concat (lookup join (slice 0 1)))}} 17:30:17 {{#each (slice 2 3)}} 17:30:17 {{#with (apply 0 a)}} 17:30:17 {{.}} 17:30:17 {{/with}} 17:30:17 {{/each}} 17:30:17 {{/with}} 17:30:17 {{/with}} 17:30:17 {{/with}}``` 17:30:17 17:30:17 17:30:17 ## Recommendation 17:30:17 17:30:17 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:17 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:30:17 [INFO] Analysis Complete (2 seconds) 17:30:17 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:30:17 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:30:17 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:30:17 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:30:17 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:30:17 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:30:17 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:30:17 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:30:17 [INFO] 17:30:17 [INFO] --------------< org.openspcoop2:org.openspcoop2.httpcore >-------------- 17:30:17 [INFO] Building dependencies.httpcore 1.0 [11/69] 17:30:17 [INFO] --------------------------------[ pom ]--------------------------------- 17:30:17 [INFO] 17:30:17 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.httpcore --- 17:30:17 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/httpcore (includes = [*.jar], excludes = []) 17:30:17 [INFO] 17:30:17 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.httpcore --- 17:30:17 [INFO] 17:30:17 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.httpcore --- 17:30:17 [INFO] Executing tasks 17:30:17 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/httpcore/httpcore-ab-4.4.15.jar 17:30:17 [INFO] Executed tasks 17:30:17 [INFO] 17:30:17 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.httpcore --- 17:30:17 [INFO] Executing tasks 17:30:22 [INFO] Executed tasks 17:30:22 [INFO] 17:30:22 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.httpcore --- 17:30:22 [INFO] Checking for updates 17:30:22 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:30:22 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:30:22 [INFO] Check for updates complete (70 ms) 17:30:22 [INFO] 17:30:22 17:30:22 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:30:22 17:30:22 17:30:22 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:30:22 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:30:22 17:30:22 17:30:22 [INFO] Analysis Started 17:30:22 [INFO] Finished Archive Analyzer (0 seconds) 17:30:22 [INFO] Finished File Name Analyzer (0 seconds) 17:30:22 [INFO] Finished Jar Analyzer (0 seconds) 17:30:22 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:30:22 [INFO] Finished Hint Analyzer (0 seconds) 17:30:22 [INFO] Finished Version Filter Analyzer (0 seconds) 17:30:24 [INFO] Created CPE Index (1 seconds) 17:30:24 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:30:24 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:30:24 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:30:24 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:30:24 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:30:24 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:30:24 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:30:24 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:30:24 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:30:24 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:30:24 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:30:24 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:30:24 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:30:24 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:30:24 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:30:24 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:30:24 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:30:24 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:30:24 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:30:24 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:30:24 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:30:24 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:30:24 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:30:24 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:30:24 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:30:24 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:30:24 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:30:24 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:30:24 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:30:24 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:30:24 at java.lang.reflect.Method.invoke (Method.java:566) 17:30:24 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:30:24 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:30:24 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:30:24 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:30:24 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:30:24 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:30:24 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:30:24 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:30:24 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:30:24 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:30:24 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:30:24 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:30:24 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:30:24 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:30:24 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:30:24 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:30:24 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:30:24 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:30:24 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:30:24 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:30:24 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:30:24 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:30:24 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:30:24 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:30:24 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:30:24 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:30:24 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:30:24 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:30:24 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:30:24 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:30:24 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:30:24 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:30:24 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:30:24 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:30:24 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:30:24 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:30:24 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:30:24 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:30:24 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:30:24 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:30:24 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:30:24 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:30:24 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:30:24 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:30:24 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:30:24 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:30:24 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:30:24 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:30:24 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:30:24 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:30:24 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:30:24 at java.lang.reflect.Method.invoke (Method.java:566) 17:30:24 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:30:24 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:30:24 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:30:24 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:30:24 [INFO] Finished CPE Analyzer (1 seconds) 17:30:24 [INFO] Finished False Positive Analyzer (0 seconds) 17:30:24 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:30:24 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:30:24 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:30:24 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:30:24 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:30:24 17:30:24 17:30:24 ## Recommendation 17:30:24 17:30:24 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:30:24 17:30:24 The following template can be used to demonstrate the vulnerability: 17:30:24 ```{{#with "constructor"}} 17:30:24 {{#with split as |a|}} 17:30:24 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:30:24 {{#with (concat (lookup join (slice 0 1)))}} 17:30:24 {{#each (slice 2 3)}} 17:30:24 {{#with (apply 0 a)}} 17:30:24 {{.}} 17:30:24 {{/with}} 17:30:24 {{/each}} 17:30:24 {{/with}} 17:30:24 {{/with}} 17:30:24 {{/with}}``` 17:30:24 17:30:24 17:30:24 ## Recommendation 17:30:24 17:30:24 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:24 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:30:24 [INFO] Analysis Complete (1 seconds) 17:30:24 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:30:24 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:30:24 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:30:24 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:30:24 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:30:24 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:30:24 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:30:24 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:30:24 [INFO] 17:30:24 [INFO] --------------< org.openspcoop2:org.openspcoop2.jackson >--------------- 17:30:24 [INFO] Building dependencies.jackson 1.0 [12/69] 17:30:24 [INFO] --------------------------------[ pom ]--------------------------------- 17:30:24 [INFO] 17:30:24 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jackson --- 17:30:24 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jackson (includes = [*.jar], excludes = []) 17:30:24 [INFO] 17:30:24 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jackson --- 17:30:24 [INFO] 17:30:24 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jackson --- 17:30:24 [INFO] Executing tasks 17:30:29 [INFO] Executed tasks 17:30:29 [INFO] 17:30:29 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.jackson --- 17:30:29 [INFO] Checking for updates 17:30:29 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:30:30 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:30:30 [INFO] Check for updates complete (70 ms) 17:30:30 [INFO] 17:30:30 17:30:30 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:30:30 17:30:30 17:30:30 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:30:30 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:30:30 17:30:30 17:30:30 [INFO] Analysis Started 17:30:30 [INFO] Finished Archive Analyzer (0 seconds) 17:30:30 [INFO] Finished File Name Analyzer (0 seconds) 17:30:30 [INFO] Finished Jar Analyzer (0 seconds) 17:30:30 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:30:30 [INFO] Finished Hint Analyzer (0 seconds) 17:30:30 [INFO] Finished Version Filter Analyzer (0 seconds) 17:30:31 [INFO] Created CPE Index (1 seconds) 17:30:31 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:30:31 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:30:31 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:30:31 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:30:31 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:30:31 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:30:31 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:30:31 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:30:31 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:30:31 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:30:31 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:30:31 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:30:31 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:30:31 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:30:31 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:30:31 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:30:31 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:30:31 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:30:31 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:30:31 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:30:31 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:30:31 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:30:31 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:30:31 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:30:31 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:30:31 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:30:31 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:30:31 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:30:31 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:30:31 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:30:31 at java.lang.reflect.Method.invoke (Method.java:566) 17:30:31 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:30:31 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:30:31 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:30:31 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:30:31 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:30:31 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:30:31 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:30:31 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:30:31 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:30:31 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:30:31 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:30:31 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:30:31 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:30:31 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:30:31 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:30:31 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:30:31 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:30:31 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:30:31 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:30:31 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:30:31 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:30:31 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:30:31 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:30:31 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:30:31 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:30:31 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:30:31 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:30:31 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:30:31 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:30:31 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:30:31 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:30:31 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:30:31 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:30:31 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:30:31 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:30:31 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:30:31 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:30:31 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:30:31 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:30:31 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:30:31 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:30:31 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:30:31 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:30:31 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:30:31 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:30:31 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:30:31 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:30:31 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:30:31 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:30:31 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:30:31 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:30:31 at java.lang.reflect.Method.invoke (Method.java:566) 17:30:31 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:30:31 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:30:31 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:30:31 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:30:32 [INFO] Finished CPE Analyzer (1 seconds) 17:30:32 [INFO] Finished False Positive Analyzer (0 seconds) 17:30:32 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:30:32 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:30:32 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:30:32 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:30:32 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:30:32 17:30:32 17:30:32 ## Recommendation 17:30:32 17:30:32 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:30:32 17:30:32 The following template can be used to demonstrate the vulnerability: 17:30:32 ```{{#with "constructor"}} 17:30:32 {{#with split as |a|}} 17:30:32 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:30:32 {{#with (concat (lookup join (slice 0 1)))}} 17:30:32 {{#each (slice 2 3)}} 17:30:32 {{#with (apply 0 a)}} 17:30:32 {{.}} 17:30:32 {{/with}} 17:30:32 {{/each}} 17:30:32 {{/with}} 17:30:32 {{/with}} 17:30:32 {{/with}}``` 17:30:32 17:30:32 17:30:32 ## Recommendation 17:30:32 17:30:32 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:32 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:30:32 [INFO] Analysis Complete (1 seconds) 17:30:32 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:30:32 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:30:32 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:30:32 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:30:32 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:30:32 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:30:32 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:30:32 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:30:32 [INFO] 17:30:32 [INFO] ---------------< org.openspcoop2:org.openspcoop2.javax >---------------- 17:30:32 [INFO] Building dependencies.javax 1.0 [13/69] 17:30:32 [INFO] --------------------------------[ pom ]--------------------------------- 17:30:32 [INFO] 17:30:32 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.javax --- 17:30:32 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/javax (includes = [*.jar], excludes = []) 17:30:32 [INFO] 17:30:32 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.javax --- 17:30:32 [INFO] 17:30:32 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.javax --- 17:30:32 [INFO] Executing tasks 17:30:37 [INFO] Executed tasks 17:30:37 [INFO] 17:30:37 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.javax --- 17:30:37 [INFO] Checking for updates 17:30:37 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:30:37 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:30:37 [INFO] Check for updates complete (71 ms) 17:30:37 [INFO] 17:30:37 17:30:37 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:30:37 17:30:37 17:30:37 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:30:37 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:30:37 17:30:37 17:30:37 [INFO] Analysis Started 17:30:37 [INFO] Finished Archive Analyzer (0 seconds) 17:30:37 [INFO] Finished File Name Analyzer (0 seconds) 17:30:37 [INFO] Finished Jar Analyzer (0 seconds) 17:30:37 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:30:37 [INFO] Finished Hint Analyzer (0 seconds) 17:30:37 [INFO] Finished Version Filter Analyzer (0 seconds) 17:30:39 [INFO] Created CPE Index (1 seconds) 17:30:39 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:30:39 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:30:39 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:30:39 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:30:39 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:30:39 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:30:39 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:30:39 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:30:39 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:30:39 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:30:39 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:30:39 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:30:39 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:30:39 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:30:39 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:30:39 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:30:39 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:30:39 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:30:39 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:30:39 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:30:39 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:30:39 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:30:39 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:30:39 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:30:39 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:30:39 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:30:39 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:30:39 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:30:39 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:30:39 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:30:39 at java.lang.reflect.Method.invoke (Method.java:566) 17:30:39 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:30:39 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:30:39 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:30:39 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:30:39 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:30:39 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:30:39 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:30:39 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:30:39 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:30:39 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:30:39 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:30:39 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:30:39 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:30:39 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:30:39 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:30:39 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:30:39 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:30:39 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:30:39 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:30:39 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:30:39 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:30:39 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:30:39 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:30:39 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:30:39 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:30:39 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:30:39 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:30:39 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:30:39 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:30:39 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:30:39 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:30:39 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:30:39 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:30:39 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:30:39 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:30:39 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:30:39 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:30:39 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:30:39 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:30:39 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:30:39 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:30:39 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:30:39 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:30:39 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:30:39 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:30:39 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:30:39 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:30:39 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:30:39 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:30:39 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:30:39 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:30:39 at java.lang.reflect.Method.invoke (Method.java:566) 17:30:39 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:30:39 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:30:39 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:30:39 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:30:39 [INFO] Finished CPE Analyzer (1 seconds) 17:30:39 [INFO] Finished False Positive Analyzer (0 seconds) 17:30:39 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:30:39 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:30:39 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:30:39 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:30:39 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:30:39 17:30:39 17:30:39 ## Recommendation 17:30:39 17:30:39 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:30:39 17:30:39 The following template can be used to demonstrate the vulnerability: 17:30:39 ```{{#with "constructor"}} 17:30:39 {{#with split as |a|}} 17:30:39 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:30:39 {{#with (concat (lookup join (slice 0 1)))}} 17:30:39 {{#each (slice 2 3)}} 17:30:39 {{#with (apply 0 a)}} 17:30:39 {{.}} 17:30:39 {{/with}} 17:30:39 {{/each}} 17:30:39 {{/with}} 17:30:39 {{/with}} 17:30:39 {{/with}}``` 17:30:39 17:30:39 17:30:39 ## Recommendation 17:30:39 17:30:39 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:39 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:30:39 [INFO] Analysis Complete (2 seconds) 17:30:39 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:30:39 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:30:39 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:30:39 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:30:39 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:30:39 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:30:39 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:30:39 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:30:39 [INFO] 17:30:39 [INFO] ----------------< org.openspcoop2:org.openspcoop2.jax >----------------- 17:30:39 [INFO] Building dependencies.jax 1.0 [14/69] 17:30:39 [INFO] --------------------------------[ pom ]--------------------------------- 17:30:39 [INFO] 17:30:39 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jax --- 17:30:39 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jax (includes = [*.jar], excludes = []) 17:30:39 [INFO] 17:30:39 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jax --- 17:30:39 [INFO] 17:30:39 [INFO] --- copy-rename-maven-plugin:1.0:rename (rename-file) @ org.openspcoop2.jax --- 17:30:39 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/jax/jsr181-api-1.0-MR1.jar to /var/lib/jenkins/workspace/GovWay/lib/jax/jaxws-jsr181-api-2.3.1.jar 17:30:39 [INFO] 17:30:39 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.jax --- 17:30:39 [INFO] Executing tasks 17:30:39 [INFO] Executed tasks 17:30:39 [INFO] 17:30:39 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jax --- 17:30:40 [INFO] Executing tasks 17:30:45 [INFO] Executed tasks 17:30:45 [INFO] 17:30:45 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.jax --- 17:30:45 [INFO] Checking for updates 17:30:45 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:30:45 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:30:45 [INFO] Check for updates complete (70 ms) 17:30:45 [INFO] 17:30:45 17:30:45 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:30:45 17:30:45 17:30:45 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:30:45 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:30:45 17:30:45 17:30:45 [INFO] Analysis Started 17:30:45 [INFO] Finished Archive Analyzer (0 seconds) 17:30:45 [INFO] Finished File Name Analyzer (0 seconds) 17:30:45 [INFO] Finished Jar Analyzer (0 seconds) 17:30:45 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:30:45 [INFO] Finished Hint Analyzer (0 seconds) 17:30:45 [INFO] Finished Version Filter Analyzer (0 seconds) 17:30:47 [INFO] Created CPE Index (1 seconds) 17:30:47 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:30:47 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:30:47 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:30:47 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:30:47 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:30:47 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:30:47 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:30:47 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:30:47 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:30:47 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:30:47 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:30:47 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:30:47 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:30:47 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:30:47 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:30:47 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:30:47 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:30:47 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:30:47 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:30:47 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:30:47 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:30:47 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:30:47 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:30:47 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:30:47 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:30:47 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:30:47 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:30:47 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:30:47 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:30:47 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:30:47 at java.lang.reflect.Method.invoke (Method.java:566) 17:30:47 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:30:47 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:30:47 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:30:47 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:30:47 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:30:47 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:30:47 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:30:47 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:30:47 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:30:47 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:30:47 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:30:47 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:30:47 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:30:47 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:30:47 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:30:47 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:30:47 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:30:47 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:30:47 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:30:47 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:30:47 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:30:47 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:30:47 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:30:47 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:30:47 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:30:47 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:30:47 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:30:47 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:30:47 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:30:47 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:30:47 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:30:47 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:30:47 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:30:47 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:30:47 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:30:47 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:30:47 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:30:47 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:30:47 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:30:47 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:30:47 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:30:47 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:30:47 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:30:47 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:30:47 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:30:47 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:30:47 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:30:47 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:30:47 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:30:47 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:30:47 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:30:47 at java.lang.reflect.Method.invoke (Method.java:566) 17:30:47 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:30:47 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:30:47 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:30:47 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:30:47 [INFO] Finished CPE Analyzer (1 seconds) 17:30:47 [INFO] Finished False Positive Analyzer (0 seconds) 17:30:47 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:30:47 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:30:47 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:30:47 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:30:47 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:30:47 17:30:47 17:30:47 ## Recommendation 17:30:47 17:30:47 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:30:47 17:30:47 The following template can be used to demonstrate the vulnerability: 17:30:47 ```{{#with "constructor"}} 17:30:47 {{#with split as |a|}} 17:30:47 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:30:47 {{#with (concat (lookup join (slice 0 1)))}} 17:30:47 {{#each (slice 2 3)}} 17:30:47 {{#with (apply 0 a)}} 17:30:47 {{.}} 17:30:47 {{/with}} 17:30:47 {{/each}} 17:30:47 {{/with}} 17:30:47 {{/with}} 17:30:47 {{/with}}``` 17:30:47 17:30:47 17:30:47 ## Recommendation 17:30:47 17:30:47 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:30:47 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:30:47 [INFO] Analysis Complete (2 seconds) 17:30:47 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:30:47 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:30:47 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:30:47 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:30:47 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:30:47 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:30:47 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:30:47 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:30:47 [INFO] 17:30:47 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jetty >---------------- 17:30:47 [INFO] Building dependencies.jetty 1.0 [15/69] 17:30:47 [INFO] --------------------------------[ pom ]--------------------------------- 17:30:47 [INFO] 17:30:47 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jetty --- 17:30:47 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jetty (includes = [*.jar], excludes = []) 17:30:47 [INFO] 17:30:47 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jetty --- 17:30:47 [INFO] 17:30:47 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jetty --- 17:30:47 [INFO] Executing tasks 17:30:52 [INFO] Executed tasks 17:30:52 [INFO] 17:30:52 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.jetty --- 17:30:52 [INFO] Checking for updates 17:30:52 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:30:52 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:30:52 [INFO] Check for updates complete (69 ms) 17:30:53 [INFO] 17:30:53 17:30:53 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:30:53 17:30:53 17:30:53 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:30:53 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:30:53 17:30:53 17:30:53 [INFO] Analysis Started 17:30:53 [INFO] Finished File Name Analyzer (0 seconds) 17:30:53 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:30:53 [INFO] Finished Hint Analyzer (0 seconds) 17:30:53 [INFO] Finished Version Filter Analyzer (0 seconds) 17:30:54 [INFO] Created CPE Index (1 seconds) 17:30:54 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:30:54 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:30:54 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:30:54 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:30:54 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:30:54 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:30:54 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:30:54 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:30:54 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:30:54 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:30:54 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:30:54 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:30:54 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:30:54 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:30:54 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:30:54 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:30:54 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:30:54 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:30:54 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:30:54 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:30:54 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:30:54 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:30:54 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:30:54 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:30:54 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:30:54 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:30:54 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:30:54 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:30:54 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:30:54 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:30:54 at java.lang.reflect.Method.invoke (Method.java:566) 17:30:54 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:30:54 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:30:54 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:30:54 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:30:54 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:30:54 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:30:54 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:30:54 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:30:54 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:30:54 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:30:54 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:30:54 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:30:54 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:30:54 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:30:54 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:30:54 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:30:54 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:30:54 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:30:54 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:30:54 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:30:54 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:30:54 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:30:54 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:30:54 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:30:54 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:30:54 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:30:54 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:30:54 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:30:54 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:30:54 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:30:54 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:30:54 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:30:54 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:30:54 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:30:54 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:30:54 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:30:54 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:30:54 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:30:54 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:30:54 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:30:54 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:30:54 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:30:54 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:30:54 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:30:54 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:30:54 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:30:54 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:30:54 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:30:54 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:30:54 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:30:54 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:30:54 at java.lang.reflect.Method.invoke (Method.java:566) 17:30:54 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:30:54 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:30:54 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:30:54 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:30:54 [INFO] Finished CPE Analyzer (1 seconds) 17:30:54 [INFO] Finished False Positive Analyzer (0 seconds) 17:30:54 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:30:54 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:30:54 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:30:54 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:30:54 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:30:54 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:30:54 [INFO] Analysis Complete (1 seconds) 17:30:54 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:30:54 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:30:54 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:30:54 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:30:54 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:30:54 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:30:54 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:30:54 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:30:54 [INFO] 17:30:54 [INFO] ---------------< org.openspcoop2:org.openspcoop2.jminix >--------------- 17:30:54 [INFO] Building dependencies.jminix 1.0 [16/69] 17:30:54 [INFO] --------------------------------[ pom ]--------------------------------- 17:30:54 [INFO] 17:30:54 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.jminix --- 17:30:54 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/jminix (includes = [*.jar], excludes = []) 17:30:54 [INFO] 17:30:54 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.jminix --- 17:30:54 [INFO] 17:30:54 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.jminix --- 17:30:54 [INFO] Executing tasks 17:30:54 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/jminix/jminix-1.2.0.jar 17:30:54 [INFO] Executed tasks 17:30:54 [INFO] 17:30:54 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.jminix --- 17:30:54 [INFO] Executing tasks 17:30:59 [INFO] Executed tasks 17:30:59 [INFO] 17:30:59 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.jminix --- 17:30:59 [INFO] Checking for updates 17:30:59 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:30:59 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:30:59 [INFO] Check for updates complete (74 ms) 17:31:00 [INFO] 17:31:00 17:31:00 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:31:00 17:31:00 17:31:00 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:31:00 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:31:00 17:31:00 17:31:00 [INFO] Analysis Started 17:31:00 [INFO] Finished Archive Analyzer (0 seconds) 17:31:00 [INFO] Finished File Name Analyzer (0 seconds) 17:31:00 [INFO] Finished Jar Analyzer (0 seconds) 17:31:00 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:31:00 [INFO] Finished Hint Analyzer (0 seconds) 17:31:00 [INFO] Finished Version Filter Analyzer (0 seconds) 17:31:01 [INFO] Created CPE Index (1 seconds) 17:31:01 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:31:01 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:31:01 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:31:01 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:31:01 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:31:01 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:31:01 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:31:01 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:31:01 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:31:01 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:31:01 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:31:01 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:31:01 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:31:01 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:31:01 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:31:01 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:31:01 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:31:01 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:31:01 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:31:01 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:31:01 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:31:01 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:31:01 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:31:01 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:31:01 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:31:01 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:31:01 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:31:01 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:31:01 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:31:01 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:31:01 at java.lang.reflect.Method.invoke (Method.java:566) 17:31:01 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:31:01 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:31:01 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:31:01 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:31:01 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:31:01 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:31:01 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:31:01 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:31:01 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:31:01 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:31:01 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:31:01 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:31:01 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:31:01 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:31:01 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:31:01 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:31:01 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:31:01 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:31:01 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:31:01 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:31:01 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:31:01 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:31:01 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:31:01 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:31:01 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:31:01 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:31:01 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:31:01 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:31:01 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:31:01 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:31:01 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:31:01 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:31:01 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:31:01 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:31:01 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:31:01 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:31:01 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:31:01 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:31:01 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:31:01 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:31:01 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:31:01 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:31:01 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:31:01 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:31:01 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:31:01 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:31:01 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:31:01 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:31:01 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:31:01 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:31:01 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:31:01 at java.lang.reflect.Method.invoke (Method.java:566) 17:31:01 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:31:01 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:31:01 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:31:01 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:31:01 [INFO] Finished CPE Analyzer (1 seconds) 17:31:01 [INFO] Finished False Positive Analyzer (0 seconds) 17:31:01 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:31:03 [INFO] Finished RetireJS Analyzer (1 seconds) 17:31:03 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:31:03 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:31:03 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:31:03 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:31:03 17:31:03 17:31:03 ## Recommendation 17:31:03 17:31:03 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:31:03 17:31:03 The following template can be used to demonstrate the vulnerability: 17:31:03 ```{{#with "constructor"}} 17:31:03 {{#with split as |a|}} 17:31:03 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:31:03 {{#with (concat (lookup join (slice 0 1)))}} 17:31:03 {{#each (slice 2 3)}} 17:31:03 {{#with (apply 0 a)}} 17:31:03 {{.}} 17:31:03 {{/with}} 17:31:03 {{/each}} 17:31:03 {{/with}} 17:31:03 {{/with}} 17:31:03 {{/with}}``` 17:31:03 17:31:03 17:31:03 ## Recommendation 17:31:03 17:31:03 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:03 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:31:03 [INFO] Analysis Complete (2 seconds) 17:31:03 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:31:03 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:31:03 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:31:03 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:31:03 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:31:03 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:31:03 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:31:03 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:31:03 [INFO] 17:31:03 [INFO] ----------------< org.openspcoop2:org.openspcoop2.json >---------------- 17:31:03 [INFO] Building dependencies.json 1.0 [17/69] 17:31:03 [INFO] --------------------------------[ pom ]--------------------------------- 17:31:03 [INFO] 17:31:03 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.json --- 17:31:03 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/json (includes = [*.jar], excludes = []) 17:31:03 [INFO] 17:31:03 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.json --- 17:31:03 [INFO] 17:31:03 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.json --- 17:31:03 [INFO] Executing tasks 17:31:03 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/json/json-path-2.9.0.jar 17:31:03 [INFO] Executed tasks 17:31:03 [INFO] 17:31:03 [INFO] --- copy-rename-maven-plugin:1.0:rename (rename-file) @ org.openspcoop2.json --- 17:31:03 [INFO] Renamed /var/lib/jenkins/workspace/GovWay/lib/json/json-schema-validator-1.0.73.jar to /var/lib/jenkins/workspace/GovWay/lib/json/networknt_json-schema-validator-1.0.73.jar 17:31:03 [INFO] 17:31:03 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.json --- 17:31:03 [INFO] Executing tasks 17:31:08 [INFO] Executed tasks 17:31:08 [INFO] 17:31:08 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.json --- 17:31:08 [INFO] Checking for updates 17:31:08 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:31:08 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:31:08 [INFO] Check for updates complete (75 ms) 17:31:08 [INFO] 17:31:08 17:31:08 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:31:08 17:31:08 17:31:08 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:31:08 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:31:08 17:31:08 17:31:08 [INFO] Analysis Started 17:31:08 [INFO] Finished Archive Analyzer (0 seconds) 17:31:08 [INFO] Finished File Name Analyzer (0 seconds) 17:31:08 [INFO] Finished Jar Analyzer (0 seconds) 17:31:08 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:31:08 [INFO] Finished Hint Analyzer (0 seconds) 17:31:08 [INFO] Finished Version Filter Analyzer (0 seconds) 17:31:10 [INFO] Created CPE Index (1 seconds) 17:31:10 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:31:10 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:31:10 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:31:10 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:31:10 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:31:10 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:31:10 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:31:10 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:31:10 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:31:10 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:31:10 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:31:10 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:31:10 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:31:10 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:31:10 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:31:10 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:31:10 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:31:10 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:31:10 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:31:10 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:31:10 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:31:10 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:31:10 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:31:10 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:31:10 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:31:10 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:31:10 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:31:10 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:31:10 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:31:10 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:31:10 at java.lang.reflect.Method.invoke (Method.java:566) 17:31:10 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:31:10 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:31:10 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:31:10 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:31:10 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:31:10 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:31:10 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:31:10 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:31:10 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:31:10 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:31:10 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:31:10 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:31:10 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:31:10 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:31:10 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:31:10 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:31:10 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:31:10 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:31:10 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:31:10 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:31:10 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:31:10 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:31:10 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:31:10 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:31:10 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:31:10 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:31:10 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:31:10 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:31:10 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:31:10 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:31:10 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:31:10 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:31:10 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:31:10 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:31:10 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:31:10 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:31:10 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:31:10 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:31:10 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:31:10 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:31:10 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:31:10 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:31:10 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:31:10 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:31:10 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:31:10 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:31:10 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:31:10 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:31:10 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:31:10 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:31:10 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:31:10 at java.lang.reflect.Method.invoke (Method.java:566) 17:31:10 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:31:10 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:31:10 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:31:10 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:31:10 [INFO] Finished CPE Analyzer (1 seconds) 17:31:10 [INFO] Finished False Positive Analyzer (0 seconds) 17:31:10 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:31:10 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:31:10 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:31:10 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:31:10 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:31:10 17:31:10 17:31:10 ## Recommendation 17:31:10 17:31:10 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:31:10 17:31:10 The following template can be used to demonstrate the vulnerability: 17:31:10 ```{{#with "constructor"}} 17:31:10 {{#with split as |a|}} 17:31:10 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:31:10 {{#with (concat (lookup join (slice 0 1)))}} 17:31:10 {{#each (slice 2 3)}} 17:31:10 {{#with (apply 0 a)}} 17:31:10 {{.}} 17:31:10 {{/with}} 17:31:10 {{/each}} 17:31:10 {{/with}} 17:31:10 {{/with}} 17:31:10 {{/with}}``` 17:31:10 17:31:10 17:31:10 ## Recommendation 17:31:10 17:31:10 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:10 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:31:10 [INFO] Analysis Complete (1 seconds) 17:31:10 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:31:10 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:31:10 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:31:10 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:31:10 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:31:10 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:31:10 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:31:10 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:31:10 [WARNING] 17:31:10 17:31:10 One or more dependencies were identified with known vulnerabilities in dependencies.json: 17:31:10 17:31:10 json-schema-validator-1.0.73.jar (pkg:maven/com.networknt/json-schema-validator@1.0.73, cpe:2.3:a:json-schema_project:json-schema:1.0.73:*:*:*:*:*:*:*, cpe:2.3:a:validator:validator:1.0.73:*:*:*:*:*:*:*) : CVE-2025-15104 17:31:10 17:31:10 17:31:10 See the dependency-check report for more details. 17:31:10 17:31:10 17:31:10 [INFO] 17:31:10 [INFO] ----------------< org.openspcoop2:org.openspcoop2.log >----------------- 17:31:10 [INFO] Building dependencies.log 1.0 [18/69] 17:31:10 [INFO] --------------------------------[ pom ]--------------------------------- 17:31:10 [INFO] 17:31:10 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.log --- 17:31:10 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/log (includes = [*.jar], excludes = []) 17:31:10 [INFO] 17:31:10 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.log --- 17:31:10 [INFO] 17:31:10 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.log --- 17:31:10 [INFO] Executing tasks 17:31:10 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/log/slf4j-api-2.0.16.jar 17:31:10 [INFO] Executed tasks 17:31:10 [INFO] 17:31:10 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.log --- 17:31:10 [INFO] Executing tasks 17:31:15 [INFO] Executed tasks 17:31:15 [INFO] 17:31:15 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.log --- 17:31:15 [INFO] Checking for updates 17:31:15 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:31:15 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:31:15 [INFO] Check for updates complete (72 ms) 17:31:16 [INFO] 17:31:16 17:31:16 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:31:16 17:31:16 17:31:16 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:31:16 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:31:16 17:31:16 17:31:16 [INFO] Analysis Started 17:31:16 [INFO] Finished Archive Analyzer (0 seconds) 17:31:16 [INFO] Finished File Name Analyzer (0 seconds) 17:31:16 [INFO] Finished Jar Analyzer (0 seconds) 17:31:16 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:31:16 [INFO] Finished Hint Analyzer (0 seconds) 17:31:16 [INFO] Finished Version Filter Analyzer (0 seconds) 17:31:17 [INFO] Created CPE Index (1 seconds) 17:31:17 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:31:17 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:31:17 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:31:17 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:31:17 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:31:17 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:31:17 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:31:17 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:31:17 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:31:17 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:31:17 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:31:17 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:31:17 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:31:17 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:31:17 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:31:17 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:31:17 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:31:17 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:31:17 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:31:17 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:31:17 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:31:17 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:31:17 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:31:17 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:31:17 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:31:17 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:31:17 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:31:17 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:31:17 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:31:17 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:31:17 at java.lang.reflect.Method.invoke (Method.java:566) 17:31:17 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:31:17 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:31:17 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:31:17 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:31:17 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:31:17 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:31:17 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:31:17 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:31:17 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:31:17 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:31:17 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:31:17 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:31:17 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:31:17 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:31:17 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:31:17 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:31:17 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:31:17 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:31:17 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:31:17 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:31:17 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:31:17 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:31:17 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:31:17 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:31:17 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:31:17 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:31:17 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:31:17 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:31:17 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:31:17 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:31:17 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:31:17 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:31:17 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:31:17 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:31:17 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:31:17 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:31:17 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:31:17 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:31:17 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:31:17 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:31:17 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:31:17 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:31:17 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:31:17 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:31:17 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:31:17 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:31:17 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:31:17 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:31:17 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:31:17 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:31:17 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:31:17 at java.lang.reflect.Method.invoke (Method.java:566) 17:31:17 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:31:17 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:31:17 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:31:17 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:31:17 [INFO] Finished CPE Analyzer (1 seconds) 17:31:17 [INFO] Finished False Positive Analyzer (0 seconds) 17:31:17 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:31:17 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:31:17 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:31:17 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:31:17 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:31:17 17:31:17 17:31:17 ## Recommendation 17:31:17 17:31:17 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:31:17 17:31:17 The following template can be used to demonstrate the vulnerability: 17:31:17 ```{{#with "constructor"}} 17:31:17 {{#with split as |a|}} 17:31:17 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:31:17 {{#with (concat (lookup join (slice 0 1)))}} 17:31:17 {{#each (slice 2 3)}} 17:31:17 {{#with (apply 0 a)}} 17:31:17 {{.}} 17:31:17 {{/with}} 17:31:17 {{/each}} 17:31:17 {{/with}} 17:31:17 {{/with}} 17:31:17 {{/with}}``` 17:31:17 17:31:17 17:31:17 ## Recommendation 17:31:17 17:31:17 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:17 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:31:17 [INFO] Analysis Complete (1 seconds) 17:31:17 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:31:17 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:31:17 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:31:17 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:31:17 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:31:17 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:31:17 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:31:17 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:31:18 [INFO] 17:31:18 [INFO] ---------------< org.openspcoop2:org.openspcoop2.lucene >--------------- 17:31:18 [INFO] Building dependencies.lucene 1.0 [19/69] 17:31:18 [INFO] --------------------------------[ pom ]--------------------------------- 17:31:18 [INFO] 17:31:18 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.lucene --- 17:31:18 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/lucene (includes = [*.jar], excludes = []) 17:31:18 [INFO] 17:31:18 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.lucene --- 17:31:18 [INFO] 17:31:18 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.lucene --- 17:31:18 [INFO] Executing tasks 17:31:23 [INFO] Executed tasks 17:31:23 [INFO] 17:31:23 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.lucene --- 17:31:23 [INFO] Checking for updates 17:31:23 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:31:23 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:31:23 [INFO] Check for updates complete (74 ms) 17:31:23 [INFO] 17:31:23 17:31:23 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:31:23 17:31:23 17:31:23 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:31:23 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:31:23 17:31:23 17:31:23 [INFO] Analysis Started 17:31:23 [INFO] Finished Archive Analyzer (0 seconds) 17:31:23 [INFO] Finished File Name Analyzer (0 seconds) 17:31:23 [INFO] Finished Jar Analyzer (0 seconds) 17:31:23 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:31:23 [INFO] Finished Hint Analyzer (0 seconds) 17:31:23 [INFO] Finished Version Filter Analyzer (0 seconds) 17:31:24 [INFO] Created CPE Index (1 seconds) 17:31:24 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:31:24 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:31:24 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:31:24 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:31:24 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:31:24 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:31:24 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:31:24 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:31:24 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:31:24 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:31:24 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:31:24 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:31:24 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:31:24 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:31:24 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:31:24 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:31:24 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:31:24 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:31:24 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:31:24 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:31:24 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:31:24 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:31:24 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:31:24 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:31:24 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:31:24 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:31:24 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:31:24 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:31:24 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:31:24 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:31:24 at java.lang.reflect.Method.invoke (Method.java:566) 17:31:24 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:31:24 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:31:24 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:31:24 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:31:24 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:31:24 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:31:24 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:31:24 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:31:24 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:31:24 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:31:24 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:31:24 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:31:24 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:31:24 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:31:24 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:31:24 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:31:24 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:31:24 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:31:24 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:31:24 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:31:24 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:31:24 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:31:24 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:31:24 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:31:24 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:31:24 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:31:24 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:31:24 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:31:24 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:31:24 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:31:24 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:31:24 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:31:24 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:31:24 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:31:24 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:31:24 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:31:24 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:31:24 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:31:24 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:31:24 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:31:24 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:31:24 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:31:24 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:31:24 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:31:24 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:31:24 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:31:24 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:31:24 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:31:24 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:31:24 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:31:24 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:31:24 at java.lang.reflect.Method.invoke (Method.java:566) 17:31:24 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:31:24 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:31:24 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:31:24 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:31:25 [INFO] Finished CPE Analyzer (1 seconds) 17:31:25 [INFO] Finished False Positive Analyzer (0 seconds) 17:31:25 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:31:25 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:31:25 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:31:25 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:31:25 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:31:25 17:31:25 17:31:25 ## Recommendation 17:31:25 17:31:25 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:31:25 17:31:25 The following template can be used to demonstrate the vulnerability: 17:31:25 ```{{#with "constructor"}} 17:31:25 {{#with split as |a|}} 17:31:25 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:31:25 {{#with (concat (lookup join (slice 0 1)))}} 17:31:25 {{#each (slice 2 3)}} 17:31:25 {{#with (apply 0 a)}} 17:31:25 {{.}} 17:31:25 {{/with}} 17:31:25 {{/each}} 17:31:25 {{/with}} 17:31:25 {{/with}} 17:31:25 {{/with}}``` 17:31:25 17:31:25 17:31:25 ## Recommendation 17:31:25 17:31:25 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:25 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:31:25 [INFO] Analysis Complete (1 seconds) 17:31:25 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:31:25 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:31:25 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:31:25 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:31:25 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:31:25 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:31:25 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:31:25 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:31:25 [INFO] 17:31:25 [INFO] -------------< org.openspcoop2:org.openspcoop2.openapi4j >-------------- 17:31:25 [INFO] Building dependencies.openapi4j 1.0 [20/69] 17:31:25 [INFO] --------------------------------[ pom ]--------------------------------- 17:31:25 [INFO] 17:31:25 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.openapi4j --- 17:31:25 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/openapi4j (includes = [*.jar], excludes = []) 17:31:25 [INFO] 17:31:25 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.openapi4j --- 17:31:25 [INFO] 17:31:25 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.openapi4j --- 17:31:25 [INFO] Executing tasks 17:31:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-core-1.0.7.jar 17:31:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-parser-1.0.7.jar 17:31:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-schema-validator-1.0.7.jar 17:31:25 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/openapi4j/openapi-operation-validator-1.0.7.jar 17:31:25 [INFO] Executed tasks 17:31:25 [INFO] 17:31:25 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.openapi4j --- 17:31:25 [INFO] Executing tasks 17:31:30 [INFO] Executed tasks 17:31:30 [INFO] 17:31:30 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.openapi4j --- 17:31:30 [INFO] Checking for updates 17:31:30 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:31:30 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:31:30 [INFO] Check for updates complete (183 ms) 17:31:30 [INFO] 17:31:30 17:31:30 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:31:30 17:31:30 17:31:30 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:31:30 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:31:30 17:31:30 17:31:30 [INFO] Analysis Started 17:31:30 [INFO] Finished Archive Analyzer (0 seconds) 17:31:30 [INFO] Finished File Name Analyzer (0 seconds) 17:31:30 [INFO] Finished Jar Analyzer (0 seconds) 17:31:30 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:31:30 [INFO] Finished Hint Analyzer (0 seconds) 17:31:30 [INFO] Finished Version Filter Analyzer (0 seconds) 17:31:32 [INFO] Created CPE Index (1 seconds) 17:31:32 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:31:32 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:31:32 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:31:32 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:31:32 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:31:32 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:31:32 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:31:32 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:31:32 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:31:32 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:31:32 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:31:32 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:31:32 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:31:32 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:31:32 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:31:32 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:31:32 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:31:32 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:31:32 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:31:32 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:31:32 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:31:32 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:31:32 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:31:32 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:31:32 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:31:32 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:31:32 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:31:32 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:31:32 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:31:32 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:31:32 at java.lang.reflect.Method.invoke (Method.java:566) 17:31:32 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:31:32 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:31:32 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:31:32 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:31:32 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:31:32 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:31:32 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:31:32 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:31:32 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:31:32 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:31:32 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:31:32 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:31:32 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:31:32 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:31:32 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:31:32 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:31:32 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:31:32 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:31:32 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:31:32 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:31:32 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:31:32 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:31:32 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:31:32 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:31:32 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:31:32 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:31:32 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:31:32 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:31:32 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:31:32 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:31:32 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:31:32 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:31:32 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:31:32 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:31:32 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:31:32 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:31:32 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:31:32 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:31:32 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:31:32 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:31:32 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:31:32 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:31:32 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:31:32 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:31:32 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:31:32 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:31:32 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:31:32 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:31:32 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:31:32 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:31:32 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:31:32 at java.lang.reflect.Method.invoke (Method.java:566) 17:31:32 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:31:32 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:31:32 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:31:32 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:31:32 [INFO] Finished CPE Analyzer (1 seconds) 17:31:32 [INFO] Finished False Positive Analyzer (0 seconds) 17:31:32 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:31:32 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:31:32 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:31:32 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:31:32 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:31:32 17:31:32 17:31:32 ## Recommendation 17:31:32 17:31:32 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:31:32 17:31:32 The following template can be used to demonstrate the vulnerability: 17:31:32 ```{{#with "constructor"}} 17:31:32 {{#with split as |a|}} 17:31:32 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:31:32 {{#with (concat (lookup join (slice 0 1)))}} 17:31:32 {{#each (slice 2 3)}} 17:31:32 {{#with (apply 0 a)}} 17:31:32 {{.}} 17:31:32 {{/with}} 17:31:32 {{/each}} 17:31:32 {{/with}} 17:31:32 {{/with}} 17:31:32 {{/with}}``` 17:31:32 17:31:32 17:31:32 ## Recommendation 17:31:32 17:31:32 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:32 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:31:32 [INFO] Analysis Complete (1 seconds) 17:31:32 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:31:32 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:31:32 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:31:32 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:31:32 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:31:32 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:31:32 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:31:32 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:31:32 [INFO] 17:31:32 [INFO] --------------< org.openspcoop2:org.openspcoop2.opensaml >-------------- 17:31:32 [INFO] Building dependencies.opensaml 1.0 [21/69] 17:31:32 [INFO] --------------------------------[ pom ]--------------------------------- 17:31:32 [INFO] 17:31:32 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.opensaml --- 17:31:32 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/opensaml (includes = [*.jar], excludes = []) 17:31:32 [INFO] 17:31:32 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.opensaml --- 17:31:32 [INFO] 17:31:32 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.opensaml --- 17:31:32 [INFO] Executing tasks 17:31:37 [INFO] Executed tasks 17:31:37 [INFO] 17:31:37 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.opensaml --- 17:31:37 [INFO] Checking for updates 17:31:37 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:31:37 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:31:37 [INFO] Check for updates complete (67 ms) 17:31:38 [INFO] 17:31:38 17:31:38 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:31:38 17:31:38 17:31:38 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:31:38 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:31:38 17:31:38 17:31:38 [INFO] Analysis Started 17:31:38 [INFO] Finished Archive Analyzer (0 seconds) 17:31:38 [INFO] Finished File Name Analyzer (0 seconds) 17:31:38 [INFO] Finished Jar Analyzer (0 seconds) 17:31:38 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:31:38 [INFO] Finished Hint Analyzer (0 seconds) 17:31:38 [INFO] Finished Version Filter Analyzer (0 seconds) 17:31:39 [INFO] Created CPE Index (1 seconds) 17:31:39 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:31:39 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:31:39 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:31:39 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:31:39 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:31:39 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:31:39 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:31:39 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:31:39 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:31:39 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:31:39 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:31:39 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:31:39 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:31:39 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:31:39 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:31:39 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:31:39 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:31:39 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:31:39 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:31:39 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:31:39 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:31:39 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:31:39 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:31:39 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:31:39 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:31:39 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:31:39 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:31:39 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:31:39 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:31:39 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:31:39 at java.lang.reflect.Method.invoke (Method.java:566) 17:31:39 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:31:39 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:31:39 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:31:39 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:31:39 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:31:39 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:31:39 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:31:39 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:31:39 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:31:39 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:31:39 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:31:39 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:31:39 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:31:39 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:31:39 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:31:39 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:31:39 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:31:39 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:31:39 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:31:39 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:31:39 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:31:39 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:31:39 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:31:39 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:31:39 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:31:39 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:31:39 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:31:39 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:31:39 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:31:39 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:31:39 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:31:39 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:31:39 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:31:39 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:31:39 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:31:39 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:31:39 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:31:39 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:31:39 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:31:39 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:31:39 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:31:39 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:31:39 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:31:39 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:31:39 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:31:39 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:31:39 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:31:39 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:31:39 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:31:39 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:31:39 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:31:39 at java.lang.reflect.Method.invoke (Method.java:566) 17:31:39 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:31:39 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:31:39 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:31:39 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:31:39 [INFO] Finished CPE Analyzer (1 seconds) 17:31:39 [INFO] Finished False Positive Analyzer (0 seconds) 17:31:39 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:31:39 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:31:39 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:31:39 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:31:39 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:31:39 17:31:39 17:31:39 ## Recommendation 17:31:39 17:31:39 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:31:39 17:31:39 The following template can be used to demonstrate the vulnerability: 17:31:39 ```{{#with "constructor"}} 17:31:39 {{#with split as |a|}} 17:31:39 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:31:39 {{#with (concat (lookup join (slice 0 1)))}} 17:31:39 {{#each (slice 2 3)}} 17:31:39 {{#with (apply 0 a)}} 17:31:39 {{.}} 17:31:39 {{/with}} 17:31:39 {{/each}} 17:31:39 {{/with}} 17:31:39 {{/with}} 17:31:39 {{/with}}``` 17:31:39 17:31:39 17:31:39 ## Recommendation 17:31:39 17:31:39 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:39 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:31:39 [INFO] Analysis Complete (1 seconds) 17:31:39 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:31:39 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:31:39 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:31:40 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:31:40 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:31:40 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:31:40 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:31:40 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:31:40 [INFO] 17:31:40 [INFO] ----------------< org.openspcoop2:org.openspcoop2.pdf >----------------- 17:31:40 [INFO] Building dependencies.pdf 1.0 [22/69] 17:31:40 [INFO] --------------------------------[ pom ]--------------------------------- 17:31:40 [INFO] 17:31:40 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.pdf --- 17:31:40 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/pdf (includes = [*.jar], excludes = []) 17:31:40 [INFO] 17:31:40 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.pdf --- 17:31:40 [INFO] 17:31:40 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.pdf --- 17:31:40 [INFO] Executing tasks 17:31:45 [INFO] Executed tasks 17:31:45 [INFO] 17:31:45 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.pdf --- 17:31:45 [INFO] Checking for updates 17:31:45 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:31:45 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:31:45 [INFO] Check for updates complete (67 ms) 17:31:45 [INFO] 17:31:45 17:31:45 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:31:45 17:31:45 17:31:45 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:31:45 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:31:45 17:31:45 17:31:45 [INFO] Analysis Started 17:31:45 [INFO] Finished Archive Analyzer (0 seconds) 17:31:45 [INFO] Finished File Name Analyzer (0 seconds) 17:31:45 [INFO] Finished Jar Analyzer (0 seconds) 17:31:45 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:31:45 [INFO] Finished Hint Analyzer (0 seconds) 17:31:45 [INFO] Finished Version Filter Analyzer (0 seconds) 17:31:47 [INFO] Created CPE Index (1 seconds) 17:31:47 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:31:47 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:31:47 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:31:47 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:31:47 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:31:47 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:31:47 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:31:47 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:31:47 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:31:47 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:31:47 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:31:47 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:31:47 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:31:47 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:31:47 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:31:47 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:31:47 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:31:47 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:31:47 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:31:47 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:31:47 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:31:47 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:31:47 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:31:47 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:31:47 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:31:47 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:31:47 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:31:47 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:31:47 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:31:47 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:31:47 at java.lang.reflect.Method.invoke (Method.java:566) 17:31:47 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:31:47 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:31:47 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:31:47 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:31:47 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:31:47 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:31:47 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:31:47 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:31:47 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:31:47 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:31:47 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:31:47 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:31:47 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:31:47 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:31:47 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:31:47 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:31:47 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:31:47 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:31:47 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:31:47 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:31:47 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:31:47 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:31:47 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:31:47 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:31:47 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:31:47 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:31:47 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:31:47 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:31:47 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:31:47 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:31:47 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:31:47 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:31:47 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:31:47 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:31:47 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:31:47 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:31:47 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:31:47 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:31:47 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:31:47 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:31:47 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:31:47 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:31:47 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:31:47 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:31:47 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:31:47 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:31:47 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:31:47 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:31:47 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:31:47 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:31:47 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:31:47 at java.lang.reflect.Method.invoke (Method.java:566) 17:31:47 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:31:47 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:31:47 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:31:47 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:31:47 [INFO] Finished CPE Analyzer (1 seconds) 17:31:47 [INFO] Finished False Positive Analyzer (0 seconds) 17:31:47 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:31:47 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:31:47 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:31:47 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:31:47 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:31:47 17:31:47 17:31:47 ## Recommendation 17:31:47 17:31:47 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:31:47 17:31:47 The following template can be used to demonstrate the vulnerability: 17:31:47 ```{{#with "constructor"}} 17:31:47 {{#with split as |a|}} 17:31:47 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:31:47 {{#with (concat (lookup join (slice 0 1)))}} 17:31:47 {{#each (slice 2 3)}} 17:31:47 {{#with (apply 0 a)}} 17:31:47 {{.}} 17:31:47 {{/with}} 17:31:47 {{/each}} 17:31:47 {{/with}} 17:31:47 {{/with}} 17:31:47 {{/with}}``` 17:31:47 17:31:47 17:31:47 ## Recommendation 17:31:47 17:31:47 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:47 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:31:47 [INFO] Analysis Complete (1 seconds) 17:31:47 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:31:47 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:31:47 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:31:47 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:31:47 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:31:47 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:31:47 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:31:47 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:31:47 [INFO] 17:31:47 [INFO] ---------------< org.openspcoop2:org.openspcoop2.redis >---------------- 17:31:47 [INFO] Building dependencies.redis 1.0 [23/69] 17:31:47 [INFO] --------------------------------[ pom ]--------------------------------- 17:31:47 [INFO] 17:31:47 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.redis --- 17:31:47 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/redis (includes = [*.jar], excludes = []) 17:31:47 [INFO] 17:31:47 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.redis --- 17:31:47 [INFO] 17:31:47 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.redis --- 17:31:47 [INFO] Executing tasks 17:31:52 [INFO] Executed tasks 17:31:52 [INFO] 17:31:52 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.redis --- 17:31:52 [INFO] Checking for updates 17:31:52 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:31:52 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:31:52 [INFO] Check for updates complete (69 ms) 17:31:52 [INFO] 17:31:52 17:31:52 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:31:52 17:31:52 17:31:52 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:31:52 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:31:52 17:31:52 17:31:52 [INFO] Analysis Started 17:31:52 [INFO] Finished Archive Analyzer (0 seconds) 17:31:52 [INFO] Finished File Name Analyzer (0 seconds) 17:31:52 [INFO] Finished Jar Analyzer (0 seconds) 17:31:52 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:31:52 [INFO] Finished Hint Analyzer (0 seconds) 17:31:52 [INFO] Finished Version Filter Analyzer (0 seconds) 17:31:54 [INFO] Created CPE Index (1 seconds) 17:31:54 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:31:54 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:31:54 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:31:54 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:31:54 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:31:54 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:31:54 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:31:54 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:31:54 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:31:54 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:31:54 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:31:54 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:31:54 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:31:54 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:31:54 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:31:54 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:31:54 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:31:54 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:31:54 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:31:54 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:31:54 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:31:54 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:31:54 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:31:54 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:31:54 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:31:54 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:31:54 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:31:54 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:31:54 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:31:54 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:31:54 at java.lang.reflect.Method.invoke (Method.java:566) 17:31:54 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:31:54 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:31:54 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:31:54 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:31:54 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:31:54 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:31:54 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:31:54 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:31:54 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:31:54 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:31:54 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:31:54 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:31:54 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:31:54 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:31:54 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:31:54 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:31:54 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:31:54 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:31:54 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:31:54 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:31:54 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:31:54 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:31:54 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:31:54 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:31:54 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:31:54 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:31:54 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:31:54 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:31:54 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:31:54 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:31:54 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:31:54 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:31:54 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:31:54 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:31:54 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:31:54 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:31:54 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:31:54 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:31:54 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:31:54 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:31:54 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:31:54 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:31:54 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:31:54 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:31:54 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:31:54 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:31:54 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:31:54 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:31:54 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:31:54 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:31:54 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:31:54 at java.lang.reflect.Method.invoke (Method.java:566) 17:31:54 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:31:54 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:31:54 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:31:54 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:31:54 [INFO] Finished CPE Analyzer (1 seconds) 17:31:54 [INFO] Finished False Positive Analyzer (0 seconds) 17:31:54 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:31:54 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:31:54 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:31:54 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:31:54 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:31:54 17:31:54 17:31:54 ## Recommendation 17:31:54 17:31:54 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:31:54 17:31:54 The following template can be used to demonstrate the vulnerability: 17:31:54 ```{{#with "constructor"}} 17:31:54 {{#with split as |a|}} 17:31:54 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:31:54 {{#with (concat (lookup join (slice 0 1)))}} 17:31:54 {{#each (slice 2 3)}} 17:31:54 {{#with (apply 0 a)}} 17:31:54 {{.}} 17:31:54 {{/with}} 17:31:54 {{/each}} 17:31:54 {{/with}} 17:31:54 {{/with}} 17:31:54 {{/with}}``` 17:31:54 17:31:54 17:31:54 ## Recommendation 17:31:54 17:31:54 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:31:54 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:31:54 [INFO] Analysis Complete (1 seconds) 17:31:54 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:31:54 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:31:54 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:31:54 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:31:54 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:31:54 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:31:54 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:31:54 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:31:54 [INFO] 17:31:54 [INFO] --------------< org.openspcoop2:org.openspcoop2.reports >--------------- 17:31:54 [INFO] Building dependencies.reports 1.0 [24/69] 17:31:54 [INFO] --------------------------------[ pom ]--------------------------------- 17:31:54 [INFO] 17:31:54 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.reports --- 17:31:54 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/reports (includes = [*.jar], excludes = []) 17:31:54 [INFO] 17:31:54 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.reports --- 17:31:54 [INFO] 17:31:54 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.reports --- 17:31:54 [INFO] Executing tasks 17:31:59 [INFO] Executed tasks 17:31:59 [INFO] 17:31:59 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.reports --- 17:31:59 [INFO] Checking for updates 17:31:59 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:31:59 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:31:59 [INFO] Check for updates complete (70 ms) 17:32:00 [INFO] 17:32:00 17:32:00 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:32:00 17:32:00 17:32:00 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:32:00 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:32:00 17:32:00 17:32:00 [INFO] Analysis Started 17:32:00 [INFO] Finished Archive Analyzer (0 seconds) 17:32:00 [INFO] Finished File Name Analyzer (0 seconds) 17:32:00 [INFO] Finished Jar Analyzer (0 seconds) 17:32:00 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:32:00 [INFO] Finished Hint Analyzer (0 seconds) 17:32:00 [INFO] Finished Version Filter Analyzer (0 seconds) 17:32:01 [INFO] Created CPE Index (1 seconds) 17:32:01 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:32:01 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:32:01 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:32:01 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:32:01 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:32:01 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:32:01 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:32:01 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:32:01 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:32:01 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:32:01 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:32:01 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:32:01 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:32:01 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:32:01 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:32:01 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:32:01 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:32:01 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:32:01 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:32:01 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:32:01 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:32:01 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:32:01 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:32:01 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:32:01 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:32:01 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:32:01 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:32:01 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:32:01 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:32:01 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:32:01 at java.lang.reflect.Method.invoke (Method.java:566) 17:32:01 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:32:01 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:32:01 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:32:01 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:32:01 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:32:01 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:32:01 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:32:01 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:32:01 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:32:01 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:32:01 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:32:01 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:32:01 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:32:01 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:32:01 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:32:01 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:32:01 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:32:01 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:32:01 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:32:01 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:32:01 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:32:01 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:32:01 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:32:01 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:32:01 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:32:01 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:32:01 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:32:01 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:32:01 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:32:01 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:32:01 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:32:01 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:32:01 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:32:01 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:32:01 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:32:01 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:32:01 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:32:01 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:32:01 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:32:01 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:32:01 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:32:01 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:32:01 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:32:01 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:32:01 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:32:01 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:32:01 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:32:01 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:32:01 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:32:01 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:32:01 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:32:01 at java.lang.reflect.Method.invoke (Method.java:566) 17:32:01 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:32:01 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:32:01 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:32:01 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:32:01 [INFO] Finished CPE Analyzer (1 seconds) 17:32:01 [INFO] Finished False Positive Analyzer (0 seconds) 17:32:01 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:32:02 [INFO] Finished RetireJS Analyzer (0 seconds) 17:32:02 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:32:02 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:32:02 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:32:02 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:32:02 17:32:02 17:32:02 ## Recommendation 17:32:02 17:32:02 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:32:02 17:32:02 The following template can be used to demonstrate the vulnerability: 17:32:02 ```{{#with "constructor"}} 17:32:02 {{#with split as |a|}} 17:32:02 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:32:02 {{#with (concat (lookup join (slice 0 1)))}} 17:32:02 {{#each (slice 2 3)}} 17:32:02 {{#with (apply 0 a)}} 17:32:02 {{.}} 17:32:02 {{/with}} 17:32:02 {{/each}} 17:32:02 {{/with}} 17:32:02 {{/with}} 17:32:02 {{/with}}``` 17:32:02 17:32:02 17:32:02 ## Recommendation 17:32:02 17:32:02 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:02 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:32:02 [INFO] Analysis Complete (1 seconds) 17:32:02 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:32:02 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:32:02 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:32:02 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:32:02 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:32:02 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:32:02 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:32:02 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:32:02 [INFO] 17:32:02 [INFO] ----------------< org.openspcoop2:org.openspcoop2.saaj >---------------- 17:32:02 [INFO] Building dependencies.saaj 1.0 [25/69] 17:32:02 [INFO] --------------------------------[ pom ]--------------------------------- 17:32:02 [INFO] 17:32:02 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.saaj --- 17:32:02 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/saaj (includes = [*.jar], excludes = []) 17:32:02 [INFO] 17:32:02 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.saaj --- 17:32:02 [INFO] 17:32:02 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.saaj --- 17:32:02 [INFO] Executing tasks 17:32:02 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/saaj/saaj-impl-1.5.3.jar 17:32:02 [INFO] Executed tasks 17:32:02 [INFO] 17:32:02 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.saaj --- 17:32:02 [INFO] Executing tasks 17:32:07 [INFO] Executed tasks 17:32:07 [INFO] 17:32:07 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.saaj --- 17:32:07 [INFO] Checking for updates 17:32:07 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:32:07 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:32:07 [INFO] Check for updates complete (73 ms) 17:32:07 [INFO] 17:32:07 17:32:07 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:32:07 17:32:07 17:32:07 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:32:07 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:32:07 17:32:07 17:32:07 [INFO] Analysis Started 17:32:07 [INFO] Finished Archive Analyzer (0 seconds) 17:32:07 [INFO] Finished File Name Analyzer (0 seconds) 17:32:07 [INFO] Finished Jar Analyzer (0 seconds) 17:32:07 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:32:07 [INFO] Finished Hint Analyzer (0 seconds) 17:32:07 [INFO] Finished Version Filter Analyzer (0 seconds) 17:32:09 [INFO] Created CPE Index (1 seconds) 17:32:09 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:32:09 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:32:09 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:32:09 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:32:09 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:32:09 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:32:09 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:32:09 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:32:09 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:32:09 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:32:09 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:32:09 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:32:09 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:32:09 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:32:09 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:32:09 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:32:09 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:32:09 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:32:09 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:32:09 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:32:09 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:32:09 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:32:09 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:32:09 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:32:09 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:32:09 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:32:09 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:32:09 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:32:09 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:32:09 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:32:09 at java.lang.reflect.Method.invoke (Method.java:566) 17:32:09 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:32:09 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:32:09 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:32:09 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:32:09 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:32:09 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:32:09 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:32:09 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:32:09 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:32:09 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:32:09 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:32:09 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:32:09 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:32:09 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:32:09 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:32:09 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:32:09 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:32:09 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:32:09 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:32:09 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:32:09 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:32:09 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:32:09 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:32:09 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:32:09 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:32:09 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:32:09 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:32:09 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:32:09 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:32:09 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:32:09 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:32:09 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:32:09 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:32:09 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:32:09 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:32:09 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:32:09 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:32:09 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:32:09 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:32:09 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:32:09 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:32:09 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:32:09 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:32:09 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:32:09 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:32:09 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:32:09 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:32:09 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:32:09 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:32:09 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:32:09 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:32:09 at java.lang.reflect.Method.invoke (Method.java:566) 17:32:09 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:32:09 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:32:09 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:32:09 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:32:09 [INFO] Finished CPE Analyzer (1 seconds) 17:32:09 [INFO] Finished False Positive Analyzer (0 seconds) 17:32:09 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:32:09 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:32:09 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:32:09 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:32:09 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:32:09 17:32:09 17:32:09 ## Recommendation 17:32:09 17:32:09 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:32:09 17:32:09 The following template can be used to demonstrate the vulnerability: 17:32:09 ```{{#with "constructor"}} 17:32:09 {{#with split as |a|}} 17:32:09 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:32:09 {{#with (concat (lookup join (slice 0 1)))}} 17:32:09 {{#each (slice 2 3)}} 17:32:09 {{#with (apply 0 a)}} 17:32:09 {{.}} 17:32:09 {{/with}} 17:32:09 {{/each}} 17:32:09 {{/with}} 17:32:09 {{/with}} 17:32:09 {{/with}}``` 17:32:09 17:32:09 17:32:09 ## Recommendation 17:32:09 17:32:09 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:09 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:32:09 [INFO] Analysis Complete (1 seconds) 17:32:09 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:32:09 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:32:09 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:32:09 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:32:09 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:32:09 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:32:09 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:32:09 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:32:09 [INFO] 17:32:09 [INFO] --------------< org.openspcoop2:org.openspcoop2.security >-------------- 17:32:09 [INFO] Building dependencies.security 1.0 [26/69] 17:32:09 [INFO] --------------------------------[ pom ]--------------------------------- 17:32:09 [INFO] 17:32:09 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.security --- 17:32:09 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/security (includes = [*.jar], excludes = []) 17:32:09 [INFO] 17:32:09 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.security --- 17:32:09 [INFO] 17:32:09 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.security --- 17:32:09 [INFO] Executing tasks 17:32:09 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/security/xmlsec-2.3.4.jar 17:32:09 [INFO] Executed tasks 17:32:09 [INFO] 17:32:09 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.security --- 17:32:09 [INFO] Executing tasks 17:32:14 [INFO] Executed tasks 17:32:14 [INFO] 17:32:14 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.security --- 17:32:14 [INFO] Checking for updates 17:32:14 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:32:14 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:32:14 [INFO] Check for updates complete (76 ms) 17:32:14 [INFO] 17:32:14 17:32:14 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:32:14 17:32:14 17:32:14 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:32:14 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:32:14 17:32:14 17:32:14 [INFO] Analysis Started 17:32:15 [INFO] Finished Archive Analyzer (0 seconds) 17:32:15 [INFO] Finished File Name Analyzer (0 seconds) 17:32:15 [INFO] Finished Jar Analyzer (0 seconds) 17:32:15 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:32:15 [INFO] Finished Hint Analyzer (0 seconds) 17:32:15 [INFO] Finished Version Filter Analyzer (0 seconds) 17:32:16 [INFO] Created CPE Index (1 seconds) 17:32:16 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:32:16 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:32:16 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:32:16 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:32:16 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:32:16 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:32:16 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:32:16 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:32:16 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:32:16 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:32:16 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:32:16 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:32:16 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:32:16 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:32:16 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:32:16 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:32:16 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:32:16 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:32:16 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:32:16 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:32:16 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:32:16 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:32:16 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:32:16 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:32:16 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:32:16 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:32:16 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:32:16 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:32:16 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:32:16 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:32:16 at java.lang.reflect.Method.invoke (Method.java:566) 17:32:16 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:32:16 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:32:16 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:32:16 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:32:16 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:32:16 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:32:16 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:32:16 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:32:16 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:32:16 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:32:16 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:32:16 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:32:16 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:32:16 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:32:16 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:32:16 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:32:16 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:32:16 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:32:16 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:32:16 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:32:16 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:32:16 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:32:16 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:32:16 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:32:16 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:32:16 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:32:16 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:32:16 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:32:16 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:32:16 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:32:16 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:32:16 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:32:16 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:32:16 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:32:16 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:32:16 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:32:16 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:32:16 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:32:16 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:32:16 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:32:16 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:32:16 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:32:16 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:32:16 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:32:16 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:32:16 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:32:16 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:32:16 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:32:16 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:32:16 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:32:16 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:32:16 at java.lang.reflect.Method.invoke (Method.java:566) 17:32:16 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:32:16 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:32:16 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:32:16 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:32:17 [INFO] Finished CPE Analyzer (1 seconds) 17:32:17 [INFO] Finished False Positive Analyzer (0 seconds) 17:32:17 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:32:17 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:32:17 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:32:17 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:32:17 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:32:17 17:32:17 17:32:17 ## Recommendation 17:32:17 17:32:17 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:32:17 17:32:17 The following template can be used to demonstrate the vulnerability: 17:32:17 ```{{#with "constructor"}} 17:32:17 {{#with split as |a|}} 17:32:17 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:32:17 {{#with (concat (lookup join (slice 0 1)))}} 17:32:17 {{#each (slice 2 3)}} 17:32:17 {{#with (apply 0 a)}} 17:32:17 {{.}} 17:32:17 {{/with}} 17:32:17 {{/each}} 17:32:17 {{/with}} 17:32:17 {{/with}} 17:32:17 {{/with}}``` 17:32:17 17:32:17 17:32:17 ## Recommendation 17:32:17 17:32:17 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:17 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:32:17 [INFO] Analysis Complete (2 seconds) 17:32:17 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:32:17 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:32:17 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:32:17 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:32:17 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:32:17 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:32:17 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:32:17 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:32:17 [INFO] 17:32:17 [INFO] ---------------< org.openspcoop2:org.openspcoop2.shared >--------------- 17:32:17 [INFO] Building dependencies.shared 1.0 [27/69] 17:32:17 [INFO] --------------------------------[ pom ]--------------------------------- 17:32:17 [INFO] 17:32:17 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.shared --- 17:32:17 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/shared (includes = [*.jar], excludes = []) 17:32:17 [INFO] 17:32:17 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.shared --- 17:32:17 [INFO] 17:32:17 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.shared --- 17:32:17 [INFO] Executing tasks 17:32:17 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/commons-jcs3-core-3.1.jar 17:32:17 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/Saxon-HE-11.4.jar 17:32:17 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/shared/snakeyaml-1.33.jar 17:32:17 [INFO] Executed tasks 17:32:17 [INFO] 17:32:17 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.shared --- 17:32:17 [INFO] Executing tasks 17:32:22 [INFO] Executed tasks 17:32:22 [INFO] 17:32:22 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.shared --- 17:32:22 [INFO] Checking for updates 17:32:22 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:32:22 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:32:22 [INFO] Check for updates complete (84 ms) 17:32:22 [INFO] 17:32:22 17:32:22 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:32:22 17:32:22 17:32:22 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:32:22 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:32:22 17:32:22 17:32:22 [INFO] Analysis Started 17:32:23 [INFO] Finished Archive Analyzer (1 seconds) 17:32:23 [INFO] Finished File Name Analyzer (0 seconds) 17:32:24 [INFO] Finished Jar Analyzer (0 seconds) 17:32:24 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:32:24 [INFO] Finished Hint Analyzer (0 seconds) 17:32:24 [INFO] Finished Version Filter Analyzer (0 seconds) 17:32:26 [INFO] Created CPE Index (1 seconds) 17:32:26 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:32:26 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:32:26 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:32:26 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:32:26 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:32:26 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:32:26 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:32:26 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:32:26 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:32:26 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:32:26 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:32:26 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:32:26 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:32:26 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:32:26 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:32:26 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:32:26 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:32:26 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:32:26 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:32:26 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:32:26 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:32:26 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:32:26 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:32:26 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:32:26 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:32:26 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:32:26 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:32:26 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:32:26 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:32:26 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:32:26 at java.lang.reflect.Method.invoke (Method.java:566) 17:32:26 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:32:26 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:32:26 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:32:26 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:32:26 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:32:26 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:32:26 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:32:26 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:32:26 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:32:26 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:32:26 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:32:26 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:32:26 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:32:26 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:32:26 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:32:26 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:32:26 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:32:26 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:32:26 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:32:26 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:32:26 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:32:26 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:32:26 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:32:26 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:32:26 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:32:26 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:32:26 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:32:26 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:32:26 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:32:26 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:32:26 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:32:26 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:32:26 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:32:26 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:32:26 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:32:26 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:32:26 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:32:26 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:32:26 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:32:26 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:32:26 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:32:26 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:32:26 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:32:26 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:32:26 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:32:26 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:32:26 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:32:26 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:32:26 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:32:26 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:32:26 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:32:26 at java.lang.reflect.Method.invoke (Method.java:566) 17:32:26 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:32:26 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:32:26 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:32:26 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:32:27 [INFO] Finished CPE Analyzer (2 seconds) 17:32:27 [INFO] Finished False Positive Analyzer (0 seconds) 17:32:27 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:32:27 [INFO] Finished RetireJS Analyzer (0 seconds) 17:32:27 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:32:27 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:32:27 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:32:27 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:32:27 17:32:27 17:32:27 ## Recommendation 17:32:27 17:32:27 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:32:27 17:32:27 The following template can be used to demonstrate the vulnerability: 17:32:27 ```{{#with "constructor"}} 17:32:27 {{#with split as |a|}} 17:32:27 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:32:27 {{#with (concat (lookup join (slice 0 1)))}} 17:32:27 {{#each (slice 2 3)}} 17:32:27 {{#with (apply 0 a)}} 17:32:27 {{.}} 17:32:27 {{/with}} 17:32:27 {{/each}} 17:32:27 {{/with}} 17:32:27 {{/with}} 17:32:27 {{/with}}``` 17:32:27 17:32:27 17:32:27 ## Recommendation 17:32:27 17:32:27 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:27 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:32:27 [INFO] Analysis Complete (4 seconds) 17:32:27 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:32:27 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:32:27 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:32:27 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:32:27 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:32:27 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:32:27 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:32:27 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:32:27 [INFO] 17:32:27 [INFO] ---------------< org.openspcoop2:org.openspcoop2.spring >--------------- 17:32:27 [INFO] Building dependencies.spring 1.0 [28/69] 17:32:27 [INFO] --------------------------------[ pom ]--------------------------------- 17:32:27 [INFO] 17:32:27 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.spring --- 17:32:27 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring (includes = [*.jar], excludes = []) 17:32:27 [INFO] 17:32:27 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring --- 17:32:27 [INFO] 17:32:27 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.spring --- 17:32:27 [INFO] Executing tasks 17:32:27 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-beans-5.3.39.jar 17:32:27 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-context-5.3.39.jar 17:32:27 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-context-support-5.3.39.jar 17:32:27 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-core-5.3.39.jar 17:32:27 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-expression-5.3.39.jar 17:32:27 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring/spring-web-5.3.39.jar 17:32:27 [INFO] Executed tasks 17:32:27 [INFO] 17:32:27 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.spring --- 17:32:27 [INFO] Executing tasks 17:32:32 [INFO] Executed tasks 17:32:32 [INFO] 17:32:32 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.spring --- 17:32:32 [INFO] Checking for updates 17:32:32 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:32:32 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:32:33 [INFO] Check for updates complete (70 ms) 17:32:33 [INFO] 17:32:33 17:32:33 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:32:33 17:32:33 17:32:33 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:32:33 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:32:33 17:32:33 17:32:33 [INFO] Analysis Started 17:32:33 [INFO] Finished Archive Analyzer (0 seconds) 17:32:33 [INFO] Finished File Name Analyzer (0 seconds) 17:32:33 [INFO] Finished Jar Analyzer (0 seconds) 17:32:33 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:32:33 [INFO] Finished Hint Analyzer (0 seconds) 17:32:33 [INFO] Finished Version Filter Analyzer (0 seconds) 17:32:34 [INFO] Created CPE Index (1 seconds) 17:32:34 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:32:34 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:32:34 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:32:34 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:32:34 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:32:34 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:32:34 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:32:34 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:32:34 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:32:34 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:32:34 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:32:34 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:32:34 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:32:34 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:32:34 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:32:34 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:32:34 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:32:34 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:32:34 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:32:34 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:32:34 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:32:34 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:32:34 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:32:34 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:32:34 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:32:34 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:32:34 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:32:34 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:32:34 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:32:34 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:32:34 at java.lang.reflect.Method.invoke (Method.java:566) 17:32:34 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:32:34 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:32:34 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:32:34 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:32:34 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:32:34 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:32:34 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:32:34 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:32:34 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:32:34 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:32:34 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:32:34 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:32:34 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:32:34 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:32:34 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:32:34 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:32:34 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:32:34 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:32:34 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:32:34 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:32:34 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:32:34 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:32:34 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:32:34 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:32:34 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:32:34 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:32:34 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:32:34 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:32:34 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:32:34 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:32:34 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:32:34 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:32:34 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:32:34 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:32:34 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:32:34 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:32:34 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:32:34 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:32:34 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:32:34 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:32:34 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:32:34 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:32:34 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:32:34 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:32:34 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:32:34 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:32:34 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:32:34 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:32:34 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:32:34 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:32:34 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:32:34 at java.lang.reflect.Method.invoke (Method.java:566) 17:32:34 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:32:34 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:32:34 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:32:34 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:32:35 [INFO] Finished CPE Analyzer (1 seconds) 17:32:35 [INFO] Finished False Positive Analyzer (0 seconds) 17:32:35 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:32:35 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:32:35 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:32:35 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:32:35 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:32:35 17:32:35 17:32:35 ## Recommendation 17:32:35 17:32:35 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:32:35 17:32:35 The following template can be used to demonstrate the vulnerability: 17:32:35 ```{{#with "constructor"}} 17:32:35 {{#with split as |a|}} 17:32:35 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:32:35 {{#with (concat (lookup join (slice 0 1)))}} 17:32:35 {{#each (slice 2 3)}} 17:32:35 {{#with (apply 0 a)}} 17:32:35 {{.}} 17:32:35 {{/with}} 17:32:35 {{/each}} 17:32:35 {{/with}} 17:32:35 {{/with}} 17:32:35 {{/with}}``` 17:32:35 17:32:35 17:32:35 ## Recommendation 17:32:35 17:32:35 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:35 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:32:35 [INFO] Analysis Complete (1 seconds) 17:32:35 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:32:35 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:32:35 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:32:35 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:32:35 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:32:35 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:32:35 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:32:35 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:32:35 [WARNING] 17:32:35 17:32:35 One or more dependencies were identified with known vulnerabilities in dependencies.spring: 17:32:35 17:32:35 spring-core-5.3.39.jar (pkg:maven/org.springframework/spring-core@5.3.39, cpe:2.3:a:pivotal_software:spring_framework:5.3.39:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:5.3.39:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*) : CVE-2025-41249, CVE-2025-41242 17:32:35 spring-web-5.3.39.jar (pkg:maven/org.springframework/spring-web@5.3.39, cpe:2.3:a:pivotal_software:spring_framework:5.3.39:*:*:*:*:*:*:*, cpe:2.3:a:springsource:spring_framework:5.3.39:*:*:*:*:*:*:*, cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*) : CVE-2025-41249 17:32:35 17:32:35 17:32:35 See the dependency-check report for more details. 17:32:35 17:32:35 17:32:35 [INFO] 17:32:35 [INFO] ------------< org.openspcoop2:org.openspcoop2.spring-ldap >------------- 17:32:35 [INFO] Building dependencies.spring-ldap 1.0 [29/69] 17:32:35 [INFO] --------------------------------[ pom ]--------------------------------- 17:32:35 [INFO] 17:32:35 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.spring-ldap --- 17:32:35 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-ldap (includes = [*.jar], excludes = []) 17:32:35 [INFO] 17:32:35 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-ldap --- 17:32:35 [INFO] 17:32:35 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.spring-ldap --- 17:32:35 [INFO] Executing tasks 17:32:40 [INFO] Executed tasks 17:32:40 [INFO] 17:32:40 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.spring-ldap --- 17:32:40 [INFO] Checking for updates 17:32:40 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:32:40 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:32:40 [INFO] Check for updates complete (68 ms) 17:32:40 [INFO] 17:32:40 17:32:40 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:32:40 17:32:40 17:32:40 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:32:40 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:32:40 17:32:40 17:32:40 [INFO] Analysis Started 17:32:40 [INFO] Finished Archive Analyzer (0 seconds) 17:32:40 [INFO] Finished File Name Analyzer (0 seconds) 17:32:40 [INFO] Finished Jar Analyzer (0 seconds) 17:32:40 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:32:40 [INFO] Finished Hint Analyzer (0 seconds) 17:32:40 [INFO] Finished Version Filter Analyzer (0 seconds) 17:32:42 [INFO] Created CPE Index (1 seconds) 17:32:42 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:32:42 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:32:42 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:32:42 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:32:42 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:32:42 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:32:42 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:32:42 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:32:42 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:32:42 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:32:42 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:32:42 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:32:42 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:32:42 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:32:42 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:32:42 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:32:42 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:32:42 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:32:42 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:32:42 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:32:42 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:32:42 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:32:42 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:32:42 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:32:42 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:32:42 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:32:42 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:32:42 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:32:42 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:32:42 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:32:42 at java.lang.reflect.Method.invoke (Method.java:566) 17:32:42 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:32:42 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:32:42 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:32:42 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:32:42 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:32:42 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:32:42 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:32:42 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:32:42 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:32:42 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:32:42 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:32:42 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:32:42 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:32:42 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:32:42 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:32:42 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:32:42 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:32:42 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:32:42 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:32:42 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:32:42 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:32:42 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:32:42 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:32:42 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:32:42 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:32:42 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:32:42 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:32:42 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:32:42 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:32:42 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:32:42 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:32:42 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:32:42 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:32:42 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:32:42 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:32:42 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:32:42 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:32:42 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:32:42 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:32:42 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:32:42 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:32:42 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:32:42 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:32:42 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:32:42 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:32:42 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:32:42 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:32:42 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:32:42 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:32:42 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:32:42 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:32:42 at java.lang.reflect.Method.invoke (Method.java:566) 17:32:42 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:32:42 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:32:42 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:32:42 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:32:42 [INFO] Finished CPE Analyzer (1 seconds) 17:32:42 [INFO] Finished False Positive Analyzer (0 seconds) 17:32:42 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:32:42 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:32:42 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:32:42 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:32:42 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:32:42 17:32:42 17:32:42 ## Recommendation 17:32:42 17:32:42 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:32:42 17:32:42 The following template can be used to demonstrate the vulnerability: 17:32:42 ```{{#with "constructor"}} 17:32:42 {{#with split as |a|}} 17:32:42 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:32:42 {{#with (concat (lookup join (slice 0 1)))}} 17:32:42 {{#each (slice 2 3)}} 17:32:42 {{#with (apply 0 a)}} 17:32:42 {{.}} 17:32:42 {{/with}} 17:32:42 {{/each}} 17:32:42 {{/with}} 17:32:42 {{/with}} 17:32:42 {{/with}}``` 17:32:42 17:32:42 17:32:42 ## Recommendation 17:32:42 17:32:42 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:42 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:32:42 [INFO] Analysis Complete (1 seconds) 17:32:42 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:32:42 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:32:42 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:32:42 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:32:42 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:32:42 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:32:42 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:32:42 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:32:42 [INFO] 17:32:42 [INFO] ----------< org.openspcoop2:org.openspcoop2.spring-security >----------- 17:32:42 [INFO] Building dependencies.spring-security 1.0 [30/69] 17:32:42 [INFO] --------------------------------[ pom ]--------------------------------- 17:32:42 [INFO] 17:32:42 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.spring-security --- 17:32:42 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/spring-security (includes = [*.jar], excludes = []) 17:32:42 [INFO] 17:32:42 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.spring-security --- 17:32:42 [INFO] 17:32:42 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.spring-security --- 17:32:42 [INFO] Executing tasks 17:32:42 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/spring-security/spring-security-crypto-5.8.16.jar 17:32:42 [INFO] Executed tasks 17:32:42 [INFO] 17:32:42 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.spring-security --- 17:32:42 [INFO] Executing tasks 17:32:47 [INFO] Executed tasks 17:32:47 [INFO] 17:32:47 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.spring-security --- 17:32:47 [INFO] Checking for updates 17:32:47 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:32:47 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:32:47 [INFO] Check for updates complete (90 ms) 17:32:47 [INFO] 17:32:47 17:32:47 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:32:47 17:32:47 17:32:47 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:32:47 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:32:47 17:32:47 17:32:47 [INFO] Analysis Started 17:32:47 [INFO] Finished Archive Analyzer (0 seconds) 17:32:47 [INFO] Finished File Name Analyzer (0 seconds) 17:32:47 [INFO] Finished Jar Analyzer (0 seconds) 17:32:47 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:32:47 [INFO] Finished Hint Analyzer (0 seconds) 17:32:47 [INFO] Finished Version Filter Analyzer (0 seconds) 17:32:49 [INFO] Created CPE Index (1 seconds) 17:32:49 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:32:49 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:32:49 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:32:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:32:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:32:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:32:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:32:49 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:32:49 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:32:49 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:32:49 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:32:49 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:32:49 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:32:49 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:32:49 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:32:49 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:32:49 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:32:49 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:32:49 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:32:49 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:32:49 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:32:49 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:32:49 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:32:49 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:32:49 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:32:49 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:32:49 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:32:49 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:32:49 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:32:49 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:32:49 at java.lang.reflect.Method.invoke (Method.java:566) 17:32:49 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:32:49 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:32:49 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:32:49 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:32:49 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:32:49 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:32:49 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:32:49 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:32:49 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:32:49 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:32:49 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:32:49 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:32:49 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:32:49 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:32:49 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:32:49 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:32:49 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:32:49 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:32:49 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:32:49 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:32:49 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:32:49 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:32:49 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:32:49 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:32:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:32:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:32:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:32:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:32:49 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:32:49 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:32:49 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:32:49 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:32:49 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:32:49 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:32:49 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:32:49 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:32:49 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:32:49 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:32:49 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:32:49 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:32:49 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:32:49 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:32:49 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:32:49 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:32:49 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:32:49 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:32:49 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:32:49 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:32:49 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:32:49 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:32:49 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:32:49 at java.lang.reflect.Method.invoke (Method.java:566) 17:32:49 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:32:49 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:32:49 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:32:49 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:32:49 [INFO] Finished CPE Analyzer (1 seconds) 17:32:49 [INFO] Finished False Positive Analyzer (0 seconds) 17:32:49 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:32:49 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:32:49 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:32:49 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:32:49 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:32:49 17:32:49 17:32:49 ## Recommendation 17:32:49 17:32:49 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:32:49 17:32:49 The following template can be used to demonstrate the vulnerability: 17:32:49 ```{{#with "constructor"}} 17:32:49 {{#with split as |a|}} 17:32:49 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:32:49 {{#with (concat (lookup join (slice 0 1)))}} 17:32:49 {{#each (slice 2 3)}} 17:32:49 {{#with (apply 0 a)}} 17:32:49 {{.}} 17:32:49 {{/with}} 17:32:49 {{/each}} 17:32:49 {{/with}} 17:32:49 {{/with}} 17:32:49 {{/with}}``` 17:32:49 17:32:49 17:32:49 ## Recommendation 17:32:49 17:32:49 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:32:49 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:32:49 [INFO] Analysis Complete (1 seconds) 17:32:49 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:32:49 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:32:49 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:32:49 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:32:49 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:32:49 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:32:49 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:32:49 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:32:49 [INFO] 17:32:49 [INFO] --------------< org.openspcoop2:org.openspcoop2.swagger >--------------- 17:32:49 [INFO] Building dependencies.swagger 1.0 [31/69] 17:32:49 [INFO] --------------------------------[ pom ]--------------------------------- 17:32:49 [INFO] 17:32:49 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.swagger --- 17:32:49 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/swagger (includes = [*.jar], excludes = []) 17:32:49 [INFO] 17:32:49 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.swagger --- 17:32:49 [INFO] 17:32:49 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.swagger --- 17:32:49 [INFO] Executing tasks 17:32:49 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-parser-v3-2.1.6.jar 17:32:49 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/swagger/swagger-request-validator-core-2.30.0.jar 17:32:49 [INFO] Executed tasks 17:32:49 [INFO] 17:32:49 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.swagger --- 17:32:49 [INFO] Executing tasks 17:32:54 [INFO] Executed tasks 17:32:54 [INFO] 17:32:54 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.swagger --- 17:32:54 [INFO] Checking for updates 17:32:54 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:32:54 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:32:54 [INFO] Check for updates complete (66 ms) 17:32:55 [INFO] 17:32:55 17:32:55 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:32:55 17:32:55 17:32:55 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:32:55 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:32:55 17:32:55 17:32:55 [INFO] Analysis Started 17:32:55 [INFO] Finished Archive Analyzer (0 seconds) 17:32:55 [INFO] Finished File Name Analyzer (0 seconds) 17:32:55 [INFO] Finished Jar Analyzer (0 seconds) 17:32:55 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:32:55 [INFO] Finished Hint Analyzer (0 seconds) 17:32:55 [INFO] Finished Version Filter Analyzer (0 seconds) 17:32:56 [INFO] Created CPE Index (1 seconds) 17:32:56 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:32:56 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:32:56 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:32:56 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:32:56 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:32:56 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:32:56 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:32:56 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:32:56 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:32:56 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:32:56 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:32:56 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:32:56 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:32:56 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:32:56 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:32:56 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:32:56 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:32:56 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:32:56 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:32:56 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:32:56 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:32:56 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:32:56 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:32:56 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:32:56 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:32:56 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:32:56 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:32:56 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:32:56 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:32:56 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:32:56 at java.lang.reflect.Method.invoke (Method.java:566) 17:32:56 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:32:56 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:32:56 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:32:56 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:32:56 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:32:56 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:32:56 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:32:56 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:32:56 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:32:56 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:32:56 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:32:56 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:32:56 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:32:56 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:32:56 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:32:56 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:32:56 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:32:56 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:32:56 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:32:56 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:32:56 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:32:56 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:32:56 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:32:56 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:32:56 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:32:56 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:32:56 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:32:56 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:32:56 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:32:56 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:32:56 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:32:56 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:32:56 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:32:56 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:32:56 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:32:56 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:32:56 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:32:56 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:32:56 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:32:56 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:32:56 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:32:56 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:32:56 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:32:56 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:32:56 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:32:56 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:32:56 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:32:56 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:32:56 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:32:56 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:32:56 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:32:56 at java.lang.reflect.Method.invoke (Method.java:566) 17:32:56 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:32:56 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:32:56 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:32:56 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:32:57 [INFO] Finished CPE Analyzer (1 seconds) 17:32:57 [INFO] Finished False Positive Analyzer (0 seconds) 17:32:57 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:33:07 [INFO] Finished RetireJS Analyzer (9 seconds) 17:33:07 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:33:07 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:33:07 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:33:07 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:33:07 17:33:07 17:33:07 ## Recommendation 17:33:07 17:33:07 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:33:07 17:33:07 The following template can be used to demonstrate the vulnerability: 17:33:07 ```{{#with "constructor"}} 17:33:07 {{#with split as |a|}} 17:33:07 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:33:07 {{#with (concat (lookup join (slice 0 1)))}} 17:33:07 {{#each (slice 2 3)}} 17:33:07 {{#with (apply 0 a)}} 17:33:07 {{.}} 17:33:07 {{/with}} 17:33:07 {{/each}} 17:33:07 {{/with}} 17:33:07 {{/with}} 17:33:07 {{/with}}``` 17:33:07 17:33:07 17:33:07 ## Recommendation 17:33:07 17:33:07 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:07 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:33:07 [INFO] Analysis Complete (12 seconds) 17:33:07 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:33:07 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:33:07 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:33:07 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:33:07 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:33:07 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:33:07 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:33:07 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:33:07 [INFO] 17:33:07 [INFO] ----------------< org.openspcoop2:org.openspcoop2.wadl >---------------- 17:33:07 [INFO] Building dependencies.wadl 1.0 [32/69] 17:33:07 [INFO] --------------------------------[ pom ]--------------------------------- 17:33:07 [INFO] 17:33:07 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.wadl --- 17:33:07 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wadl (includes = [*.jar], excludes = []) 17:33:07 [INFO] 17:33:07 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wadl --- 17:33:07 [INFO] 17:33:07 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.wadl --- 17:33:07 [INFO] Executing tasks 17:33:12 [INFO] Executed tasks 17:33:12 [INFO] 17:33:12 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.wadl --- 17:33:12 [INFO] Checking for updates 17:33:12 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:33:12 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:33:12 [INFO] Check for updates complete (69 ms) 17:33:12 [INFO] 17:33:12 17:33:12 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:33:12 17:33:12 17:33:12 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:33:12 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:33:12 17:33:12 17:33:12 [INFO] Analysis Started 17:33:12 [INFO] Finished Archive Analyzer (0 seconds) 17:33:12 [INFO] Finished File Name Analyzer (0 seconds) 17:33:12 [INFO] Finished Jar Analyzer (0 seconds) 17:33:12 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:33:12 [INFO] Finished Hint Analyzer (0 seconds) 17:33:12 [INFO] Finished Version Filter Analyzer (0 seconds) 17:33:14 [INFO] Created CPE Index (1 seconds) 17:33:14 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:33:14 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:33:14 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:33:14 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:33:14 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:33:14 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:33:14 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:33:14 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:33:14 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:33:14 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:33:14 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:33:14 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:33:14 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:33:14 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:33:14 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:33:14 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:33:14 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:33:14 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:33:14 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:33:14 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:33:14 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:33:14 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:33:14 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:33:14 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:33:14 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:33:14 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:33:14 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:33:14 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:33:14 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:33:14 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:33:14 at java.lang.reflect.Method.invoke (Method.java:566) 17:33:14 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:33:14 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:33:14 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:33:14 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:33:14 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:33:14 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:33:14 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:33:14 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:33:14 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:33:14 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:33:14 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:33:14 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:33:14 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:33:14 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:33:14 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:33:14 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:33:14 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:33:14 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:33:14 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:33:14 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:33:14 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:33:14 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:33:14 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:33:14 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:33:14 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:33:14 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:33:14 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:33:14 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:33:14 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:33:14 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:33:14 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:33:14 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:33:14 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:33:14 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:33:14 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:33:14 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:33:14 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:33:14 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:33:14 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:33:14 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:33:14 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:33:14 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:33:14 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:33:14 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:33:14 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:33:14 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:33:14 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:33:14 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:33:14 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:33:14 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:33:14 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:33:14 at java.lang.reflect.Method.invoke (Method.java:566) 17:33:14 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:33:14 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:33:14 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:33:14 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:33:14 [INFO] Finished CPE Analyzer (1 seconds) 17:33:14 [INFO] Finished False Positive Analyzer (0 seconds) 17:33:14 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:33:14 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:33:14 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:33:14 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:33:14 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:33:14 17:33:14 17:33:14 ## Recommendation 17:33:14 17:33:14 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:33:14 17:33:14 The following template can be used to demonstrate the vulnerability: 17:33:14 ```{{#with "constructor"}} 17:33:14 {{#with split as |a|}} 17:33:14 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:33:14 {{#with (concat (lookup join (slice 0 1)))}} 17:33:14 {{#each (slice 2 3)}} 17:33:14 {{#with (apply 0 a)}} 17:33:14 {{.}} 17:33:14 {{/with}} 17:33:14 {{/each}} 17:33:14 {{/with}} 17:33:14 {{/with}} 17:33:14 {{/with}}``` 17:33:14 17:33:14 17:33:14 ## Recommendation 17:33:14 17:33:14 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:14 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:33:14 [INFO] Analysis Complete (1 seconds) 17:33:14 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:33:14 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:33:14 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:33:14 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:33:14 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:33:14 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:33:14 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:33:14 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:33:14 [INFO] 17:33:14 [INFO] ---------------< org.openspcoop2:org.openspcoop2.wss4j >---------------- 17:33:14 [INFO] Building dependencies.wss4j 1.0 [33/69] 17:33:14 [INFO] --------------------------------[ pom ]--------------------------------- 17:33:14 [INFO] 17:33:14 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.wss4j --- 17:33:14 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/wss4j (includes = [*.jar], excludes = []) 17:33:14 [INFO] 17:33:14 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.wss4j --- 17:33:14 [INFO] 17:33:14 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.wss4j --- 17:33:14 [INFO] Executing tasks 17:33:14 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-common-2.4.1.jar 17:33:14 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/wss4j/wss4j-ws-security-dom-2.4.1.jar 17:33:14 [INFO] Executed tasks 17:33:14 [INFO] 17:33:14 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.wss4j --- 17:33:14 [INFO] Executing tasks 17:33:19 [INFO] Executed tasks 17:33:19 [INFO] 17:33:19 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.wss4j --- 17:33:19 [INFO] Checking for updates 17:33:19 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:33:19 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:33:19 [INFO] Check for updates complete (70 ms) 17:33:20 [INFO] 17:33:20 17:33:20 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:33:20 17:33:20 17:33:20 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:33:20 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:33:20 17:33:20 17:33:20 [INFO] Analysis Started 17:33:20 [INFO] Finished Archive Analyzer (0 seconds) 17:33:20 [INFO] Finished File Name Analyzer (0 seconds) 17:33:20 [INFO] Finished Jar Analyzer (0 seconds) 17:33:20 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:33:20 [INFO] Finished Hint Analyzer (0 seconds) 17:33:20 [INFO] Finished Version Filter Analyzer (0 seconds) 17:33:21 [INFO] Created CPE Index (1 seconds) 17:33:21 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:33:21 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:33:21 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:33:21 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:33:21 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:33:21 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:33:21 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:33:21 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:33:21 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:33:21 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:33:21 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:33:21 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:33:21 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:33:21 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:33:21 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:33:21 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:33:21 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:33:21 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:33:21 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:33:21 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:33:21 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:33:21 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:33:21 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:33:21 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:33:21 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:33:21 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:33:21 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:33:21 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:33:21 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:33:21 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:33:21 at java.lang.reflect.Method.invoke (Method.java:566) 17:33:21 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:33:21 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:33:21 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:33:21 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:33:21 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:33:21 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:33:21 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:33:21 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:33:21 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:33:21 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:33:21 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:33:21 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:33:21 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:33:21 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:33:21 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:33:21 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:33:21 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:33:21 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:33:21 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:33:21 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:33:21 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:33:21 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:33:21 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:33:21 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:33:21 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:33:21 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:33:21 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:33:21 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:33:21 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:33:21 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:33:21 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:33:21 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:33:21 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:33:21 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:33:21 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:33:21 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:33:21 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:33:21 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:33:21 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:33:21 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:33:21 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:33:21 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:33:21 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:33:21 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:33:21 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:33:21 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:33:21 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:33:21 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:33:21 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:33:21 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:33:21 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:33:21 at java.lang.reflect.Method.invoke (Method.java:566) 17:33:21 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:33:21 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:33:21 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:33:21 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:33:21 [INFO] Finished CPE Analyzer (1 seconds) 17:33:21 [INFO] Finished False Positive Analyzer (0 seconds) 17:33:21 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:33:21 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:33:21 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:33:21 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:33:21 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18-gov4j-4.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*swagger-codegen-cli-3.0.18.jar.*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Denial of service, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Prototype pollution, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Disallow calling helperMissing and blockHelperMissing directly, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1495, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=handlebars issue: 1633, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Affected versions of `handlebars` are vulnerable to Denial of Service. The package's parser may be forced into an endless loop while processing specially-crafted templates. This may allow attackers to exhaust system resources leading to Denial of Service. 17:33:21 17:33:21 17:33:21 ## Recommendation 17:33:21 17:33:21 Upgrade to version 4.4.5 or later., regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.2 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting). 17:33:21 17:33:21 The following template can be used to demonstrate the vulnerability: 17:33:21 ```{{#with "constructor"}} 17:33:21 {{#with split as |a|}} 17:33:21 {{pop (push "alert('Vulnerable Handlebars JS');")}} 17:33:21 {{#with (concat (lookup join (slice 0 1)))}} 17:33:21 {{#each (slice 2 3)}} 17:33:21 {{#with (apply 0 a)}} 17:33:21 {{.}} 17:33:21 {{/with}} 17:33:21 {{/each}} 17:33:21 {{/with}} 17:33:21 {{/with}} 17:33:21 {{/with}}``` 17:33:21 17:33:21 17:33:21 ## Recommendation 17:33:21 17:33:21 Upgrade to version 3.0.8, 4.5.2 or later., regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/handlebars@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=Versions of `handlebars` prior to 3.0.8 or 4.5.3 are vulnerable to Arbitrary Code Execution. The package's lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript in the system. It is due to an incomplete fix for a [previous issue](https://www.npmjs.com/advisories/1316). This vulnerability can be used to run arbitrary code in a server processing Handlebars templates or on a victim's browser (effectively serving as Cross-Site Scripting), regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{filePath=PropertyType{value=.*(struts-core-1.3.10.jar|facelets-taglib-jsf.*-spring-4-gov4j-1.jar|jsf-facelets-1.1.15.jar|richfaces-impl-jsf2-3.3.4.Final.jar|richfaces-impl-3.3.4.Final-gov4j-4.jar|javax.faces-2.4.0.jar|javax.servlet.jsp.jstl-1.2.1.jar|richfaces-ui-3.3.4.Final-gov4j-4.jar).*, regex=true, caseSensitive=false},cvssBelow={10.0,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:javascript/jquery@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=jquery issue: 162, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:time_project:time, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-52070, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-22949, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.jfree/jfreechart@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-23076, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2022-0869,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-38752, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-41854, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-1471, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2022-3064,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.yaml/snakeyaml@.*$, regex=true, caseSensitive=false},cve={CVE-2021-4235,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2016-1000027,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring\-web@.*$, regex=true, caseSensitive=false},cve={CVE-2025-41234,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2020-5408, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xerces/xercesImpl@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2017-10355, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-api@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-common\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-dom@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.commons\.axiom/axiom\-impl@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-beanutils/commons\-beanutils@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-chain/commons\-chain@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-cli/commons\-cli@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-codec/commons\-codec@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-collections/commons\-collections@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-compress@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-csv@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-dbcp2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-digester/commons\-digester@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-discovery/commons\-discovery@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-email@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-fileupload/commons\-fileupload@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-jcs3\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-lang/commons\-lang@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-logging/commons\-logging@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-math3@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.commons/commons\-pool2@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-validator/commons\-validator@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/commons\-io/commons\-io@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-apis/xml\-apis@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xml\-resolver/xml\-resolver@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.ws\.xmlschema/xmlschema\-core@.*$, regex=true, caseSensitive=false},cve={CVE-2021-37533,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2023-5072, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:json-java_project:json-java, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.json/json@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2022-45688, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf\-rt\-bindings\-soap@.*$, regex=true, caseSensitive=false},cpe={PropertyType{value=cpe:/a:apache:soap, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/xalan/xalan@.*$, regex=true, caseSensitive=false},cve={CVE-2022-42920,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},cve={CVE-2023-4759,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.eclipse\.jgit/org\.eclipse\.jgit@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-4949, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/txw2@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/jaxb-runtime@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/xsom@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.glassfish\.jaxb/codemodel@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.sun\.xml\.bind/jaxb-xjc@.*$, regex=true, caseSensitive=false},cve={CVE-2024-9329,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aop@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-aspects@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-beans@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context-support@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-core@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-expression@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-orm@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-tx@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},cve={CVE-2024-38820,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-context@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22233, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework/spring-web@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2024-38828, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-22228, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.springframework\.security/spring-security-crypto@.*$, regex=true, caseSensitive=false},cve={CVE-2018-1258,}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/net\.sf\.jasperreports/jasperreports@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-10492, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.apache\.cxf/cxf-tools-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.hibernate\.validator/hibernate-validator-cdi@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.box/json-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-parser@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-schema-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.org\.openapi4j/openapi-operation-validator@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Suppression Rule had zero matches: SuppressionRule{packageUrl=PropertyType{value=^pkg:maven/org\.gov4j\.thirdparty\.com\.atlassian\.oai/swagger-request-validator-core@.*$, regex=true, caseSensitive=false},vulnerabilityName={PropertyType{value=CVE-2025-15104, regex=false, caseSensitive=false},}} 17:33:21 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:33:21 [INFO] Analysis Complete (1 seconds) 17:33:21 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:33:21 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:33:21 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:33:21 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:33:21 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:33:21 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:33:21 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:33:21 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:33:21 [INFO] 17:33:21 [INFO] -------------< org.openspcoop2:org.openspcoop2.testsuite >-------------- 17:33:21 [INFO] Building dependencies.testsuite 1.0 [34/69] 17:33:21 [INFO] --------------------------------[ pom ]--------------------------------- 17:33:21 [INFO] 17:33:21 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite --- 17:33:21 [INFO] Executing tasks 17:33:26 [INFO] Executed tasks 17:33:26 [INFO] 17:33:26 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite --- 17:33:27 [INFO] Checking for updates 17:33:27 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:33:27 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:33:27 [INFO] Check for updates complete (69 ms) 17:33:27 [INFO] 17:33:27 17:33:27 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:33:27 17:33:27 17:33:27 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:33:27 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:33:27 17:33:27 17:33:27 [INFO] Analysis Started 17:33:27 [INFO] Finished File Name Analyzer (0 seconds) 17:33:27 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:33:27 [INFO] Finished Hint Analyzer (0 seconds) 17:33:27 [INFO] Finished Version Filter Analyzer (0 seconds) 17:33:28 [INFO] Created CPE Index (1 seconds) 17:33:28 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:33:28 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:33:28 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:33:28 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:33:28 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:33:28 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:33:28 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:33:28 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:33:28 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:33:28 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:33:28 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:33:28 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:33:28 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:33:28 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:33:28 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:33:28 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:33:28 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:33:28 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:33:28 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:33:28 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:33:28 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:33:28 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:33:28 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:33:28 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:33:28 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:33:28 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:33:28 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:33:28 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:33:28 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:33:28 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:33:28 at java.lang.reflect.Method.invoke (Method.java:566) 17:33:28 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:33:28 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:33:28 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:33:28 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:33:28 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:33:28 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:33:28 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:33:28 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:33:28 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:33:28 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:33:28 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:33:28 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:33:28 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:33:28 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:33:28 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:33:28 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:33:28 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:33:28 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:33:28 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:33:28 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:33:28 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:33:28 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:33:28 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:33:28 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:33:28 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:33:28 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:33:28 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:33:28 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:33:28 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:33:28 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:33:28 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:33:28 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:33:28 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:33:28 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:33:28 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:33:28 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:33:28 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:33:28 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:33:28 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:33:28 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:33:28 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:33:28 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:33:28 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:33:28 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:33:28 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:33:28 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:33:28 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:33:28 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:33:28 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:33:28 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:33:28 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:33:28 at java.lang.reflect.Method.invoke (Method.java:566) 17:33:28 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:33:28 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:33:28 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:33:28 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:33:28 [INFO] Finished CPE Analyzer (1 seconds) 17:33:28 [INFO] Finished False Positive Analyzer (0 seconds) 17:33:28 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:33:28 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:33:28 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:33:28 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:33:28 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:33:28 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:33:28 [INFO] Analysis Complete (1 seconds) 17:33:28 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.xml 17:33:28 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.html 17:33:28 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.json 17:33:28 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.csv 17:33:28 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-report.sarif 17:33:28 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-jenkins.html 17:33:28 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-junit.xml 17:33:28 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependency-check-result/dependency-check-gitlab.json 17:33:28 [INFO] 17:33:28 [INFO] ----------< org.openspcoop2:org.openspcoop2.testsuite.axis14 >---------- 17:33:28 [INFO] Building dependencies.testsuite.axis14 1.0 [35/69] 17:33:28 [INFO] --------------------------------[ pom ]--------------------------------- 17:33:28 [INFO] 17:33:28 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.axis14 --- 17:33:28 [INFO] Deleting /var/lib/jenkins/workspace/GovWay/lib/axis14 (includes = [*.jar], excludes = []) 17:33:28 [INFO] 17:33:28 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.axis14 --- 17:33:28 [INFO] 17:33:28 [INFO] --- maven-antrun-plugin:3.1.0:run (delete-dependencies-override-gov4j) @ org.openspcoop2.testsuite.axis14 --- 17:33:28 [INFO] Executing tasks 17:33:28 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-1.4.jar 17:33:28 [INFO] [delete] Deleting: /var/lib/jenkins/workspace/GovWay/lib/axis14/axis-jaxrpc-1.4.jar 17:33:28 [INFO] Executed tasks 17:33:28 [INFO] 17:33:28 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.axis14 --- 17:33:28 [INFO] Executing tasks 17:33:33 [INFO] Executed tasks 17:33:33 [INFO] 17:33:33 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.axis14 --- 17:33:34 [INFO] Checking for updates 17:33:34 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:33:34 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:33:34 [INFO] Check for updates complete (71 ms) 17:33:34 [INFO] 17:33:34 17:33:34 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:33:34 17:33:34 17:33:34 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:33:34 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:33:34 17:33:34 17:33:34 [INFO] Analysis Started 17:33:34 [INFO] Finished File Name Analyzer (0 seconds) 17:33:34 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:33:34 [INFO] Finished Hint Analyzer (0 seconds) 17:33:34 [INFO] Finished Version Filter Analyzer (0 seconds) 17:33:35 [INFO] Created CPE Index (1 seconds) 17:33:35 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:33:35 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:33:35 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:33:35 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:33:35 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:33:35 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:33:35 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:33:35 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:33:35 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:33:35 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:33:35 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:33:35 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:33:35 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:33:35 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:33:35 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:33:35 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:33:35 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:33:35 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:33:35 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:33:35 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:33:35 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:33:35 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:33:35 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:33:35 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:33:35 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:33:35 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:33:35 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:33:35 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:33:35 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:33:35 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:33:35 at java.lang.reflect.Method.invoke (Method.java:566) 17:33:35 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:33:35 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:33:35 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:33:35 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:33:35 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:33:35 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:33:35 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:33:35 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:33:35 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:33:35 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:33:35 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:33:35 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:33:35 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:33:35 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:33:35 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:33:35 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:33:35 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:33:35 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:33:35 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:33:35 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:33:35 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:33:35 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:33:35 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:33:35 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:33:35 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:33:35 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:33:35 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:33:35 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:33:35 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:33:35 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:33:35 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:33:35 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:33:35 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:33:35 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:33:35 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:33:35 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:33:35 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:33:35 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:33:35 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:33:35 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:33:35 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:33:35 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:33:35 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:33:35 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:33:35 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:33:35 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:33:35 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:33:35 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:33:35 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:33:35 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:33:35 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:33:35 at java.lang.reflect.Method.invoke (Method.java:566) 17:33:35 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:33:35 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:33:35 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:33:35 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:33:35 [INFO] Finished CPE Analyzer (1 seconds) 17:33:35 [INFO] Finished False Positive Analyzer (0 seconds) 17:33:35 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:33:35 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:33:35 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:33:35 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:33:35 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:33:35 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:33:35 [INFO] Analysis Complete (1 seconds) 17:33:35 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 17:33:35 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 17:33:35 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 17:33:35 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 17:33:35 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 17:33:35 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 17:33:35 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 17:33:35 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 17:33:35 [INFO] 17:33:35 [INFO] ----< org.openspcoop2:org.openspcoop2.testsuite.applicationServer >----- 17:33:35 [INFO] Building dependencies.testsuite.as 1.0 [36/69] 17:33:35 [INFO] --------------------------------[ pom ]--------------------------------- 17:33:35 [INFO] 17:33:35 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer --- 17:33:35 [INFO] Executing tasks 17:33:40 [INFO] Executed tasks 17:33:40 [INFO] 17:33:40 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer --- 17:33:40 [INFO] Checking for updates 17:33:40 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:33:40 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:33:40 [INFO] Check for updates complete (66 ms) 17:33:41 [INFO] 17:33:41 17:33:41 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:33:41 17:33:41 17:33:41 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:33:41 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:33:41 17:33:41 17:33:41 [INFO] Analysis Started 17:33:41 [INFO] Finished File Name Analyzer (0 seconds) 17:33:41 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:33:41 [INFO] Finished Hint Analyzer (0 seconds) 17:33:41 [INFO] Finished Version Filter Analyzer (0 seconds) 17:33:42 [INFO] Created CPE Index (1 seconds) 17:33:42 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:33:42 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:33:42 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:33:42 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:33:42 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:33:42 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:33:42 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:33:42 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:33:42 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:33:42 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:33:42 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:33:42 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:33:42 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:33:42 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:33:42 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:33:42 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:33:42 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:33:42 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:33:42 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:33:42 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:33:42 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:33:42 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:33:42 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:33:42 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:33:42 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:33:42 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:33:42 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:33:42 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:33:42 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:33:42 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:33:42 at java.lang.reflect.Method.invoke (Method.java:566) 17:33:42 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:33:42 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:33:42 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:33:42 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:33:42 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:33:42 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:33:42 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:33:42 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:33:42 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:33:42 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:33:42 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:33:42 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:33:42 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:33:42 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:33:42 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:33:42 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:33:42 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:33:42 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:33:42 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:33:42 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:33:42 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:33:42 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:33:42 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:33:42 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:33:42 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:33:42 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:33:42 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:33:42 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:33:42 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:33:42 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:33:42 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:33:42 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:33:42 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:33:42 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:33:42 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:33:42 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:33:42 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:33:42 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:33:42 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:33:42 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:33:42 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:33:42 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:33:42 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:33:42 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:33:42 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:33:42 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:33:42 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:33:42 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:33:42 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:33:42 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:33:42 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:33:42 at java.lang.reflect.Method.invoke (Method.java:566) 17:33:42 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:33:42 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:33:42 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:33:42 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:33:42 [INFO] Finished CPE Analyzer (1 seconds) 17:33:42 [INFO] Finished False Positive Analyzer (0 seconds) 17:33:42 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:33:42 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:33:42 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:33:42 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:33:42 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:33:42 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:33:42 [INFO] Analysis Complete (1 seconds) 17:33:42 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.xml 17:33:42 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.html 17:33:42 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.json 17:33:42 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.csv 17:33:42 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-report.sarif 17:33:42 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-jenkins.html 17:33:42 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-junit.xml 17:33:42 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/dependency-check-result/dependency-check-gitlab.json 17:33:42 [INFO] 17:33:42 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly9 >-- 17:33:42 [INFO] Building dependencies.testsuite.as.wildfly9 1.0 [37/69] 17:33:42 [INFO] --------------------------------[ pom ]--------------------------------- 17:33:42 [INFO] 17:33:42 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 17:33:42 [INFO] 17:33:42 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 17:33:42 [INFO] org.wildfly:wildfly-client-all:jar:9.0.0.Final already exists in destination. 17:33:42 [INFO] 17:33:42 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 17:33:42 [INFO] Executing tasks 17:33:47 [INFO] Executed tasks 17:33:47 [INFO] 17:33:47 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly9 --- 17:33:47 [INFO] Checking for updates 17:33:47 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:33:47 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:33:47 [INFO] Check for updates complete (74 ms) 17:33:48 [INFO] 17:33:48 17:33:48 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:33:48 17:33:48 17:33:48 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:33:48 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:33:48 17:33:48 17:33:48 [INFO] Analysis Started 17:33:48 [INFO] Finished File Name Analyzer (0 seconds) 17:33:48 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:33:48 [INFO] Finished Hint Analyzer (0 seconds) 17:33:48 [INFO] Finished Version Filter Analyzer (0 seconds) 17:33:49 [INFO] Created CPE Index (1 seconds) 17:33:49 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:33:49 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:33:49 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:33:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:33:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:33:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:33:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:33:49 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:33:49 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:33:49 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:33:49 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:33:49 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:33:49 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:33:49 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:33:49 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:33:49 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:33:49 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:33:49 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:33:49 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:33:49 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:33:49 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:33:49 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:33:49 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:33:49 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:33:49 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:33:49 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:33:49 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:33:49 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:33:49 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:33:49 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:33:49 at java.lang.reflect.Method.invoke (Method.java:566) 17:33:49 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:33:49 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:33:49 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:33:49 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:33:49 Caused by: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:33:49 at org.owasp.dependencycheck.xml.suppression.SuppressionErrorHandler.fatalError (SuppressionErrorHandler.java:71) 17:33:49 at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError (ErrorHandlerWrapper.java:181) 17:33:49 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:400) 17:33:49 at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:327) 17:33:49 at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError (XMLScanner.java:1471) 17:33:49 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag (XMLDocumentFragmentScannerImpl.java:1433) 17:33:49 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement (XMLNSDocumentScannerImpl.java:259) 17:33:49 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDriver.scanRootElementHook (XMLNSDocumentScannerImpl.java:613) 17:33:49 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next (XMLDocumentFragmentScannerImpl.java:3063) 17:33:49 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$PrologDriver.next (XMLDocumentScannerImpl.java:836) 17:33:49 at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next (XMLDocumentScannerImpl.java:605) 17:33:49 at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next (XMLNSDocumentScannerImpl.java:112) 17:33:49 at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:534) 17:33:49 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:888) 17:33:49 at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:824) 17:33:49 at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse (XMLParser.java:141) 17:33:49 at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse (AbstractSAXParser.java:1216) 17:33:49 at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse (SAXParserImpl.java:635) 17:33:49 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:128) 17:33:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:33:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:33:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:33:49 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:33:49 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:33:49 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:33:49 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:33:49 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:33:49 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:33:49 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:33:49 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:33:49 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:33:49 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:33:49 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:33:49 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:33:49 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:33:49 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:33:49 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:33:49 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:33:49 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:33:49 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:33:49 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:33:49 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:33:49 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:33:49 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:33:49 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:33:49 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:33:49 at java.lang.reflect.Method.invoke (Method.java:566) 17:33:49 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:33:49 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:33:49 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:33:49 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) 17:33:49 [INFO] Finished CPE Analyzer (1 seconds) 17:33:49 [INFO] Finished False Positive Analyzer (0 seconds) 17:33:49 [INFO] Finished NVD CVE Analyzer (0 seconds) 17:33:49 [INFO] Finished Sonatype OSS Index Analyzer (0 seconds) 17:33:49 [INFO] Finished Vulnerability Suppression Analyzer (0 seconds) 17:33:49 [INFO] Finished Known Exploited Vulnerability Analyzer (0 seconds) 17:33:49 [INFO] Finished Dependency Bundling Analyzer (0 seconds) 17:33:49 [INFO] Finished Unused Suppression Rule Analyzer (0 seconds) 17:33:49 [INFO] Analysis Complete (1 seconds) 17:33:49 [INFO] Writing XML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.xml 17:33:49 [INFO] Writing HTML report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.html 17:33:49 [INFO] Writing JSON report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.json 17:33:49 [INFO] Writing CSV report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.csv 17:33:49 [INFO] Writing SARIF report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-report.sarif 17:33:49 [INFO] Writing JENKINS report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-jenkins.html 17:33:49 [INFO] Writing JUNIT report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-junit.xml 17:33:49 [INFO] Writing GITLAB report to: /var/lib/jenkins/workspace/GovWay/mvn/dependencies/testsuite/dependency-check-result/dependency-check-gitlab.json 17:33:49 [INFO] 17:33:49 [INFO] --< org.openspcoop2:org.openspcoop2.testsuite.applicationServer.wildfly10 >-- 17:33:49 [INFO] Building dependencies.testsuite.as.wildfly10 1.0 [38/69] 17:33:49 [INFO] --------------------------------[ pom ]--------------------------------- 17:33:49 [INFO] 17:33:49 [INFO] --- maven-clean-plugin:3.4.0:clean (clean) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 17:33:49 [INFO] 17:33:49 [INFO] --- maven-dependency-plugin:3.8.1:copy-dependencies (copy-dependencies) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 17:33:49 [INFO] org.wildfly:wildfly-client-all:jar:10.0.0.Final already exists in destination. 17:33:49 [INFO] 17:33:49 [INFO] --- maven-antrun-plugin:3.1.0:run (sleep-for-a-while) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 17:33:49 [INFO] Executing tasks 17:33:54 [INFO] Executed tasks 17:33:54 [INFO] 17:33:54 [INFO] --- dependency-check-maven:12.2.0:aggregate (check owasp) @ org.openspcoop2.testsuite.applicationServer.wildfly10 --- 17:33:55 [INFO] Checking for updates 17:33:55 [INFO] Skipping the NVD API Update as it was completed within the last 240 minutes 17:33:55 [INFO] Skipping Known Exploited Vulnerabilities update check since last check was within 24 hours. 17:33:55 [INFO] Check for updates complete (72 ms) 17:33:55 [INFO] 17:33:55 17:33:55 Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user's risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report. 17:33:55 17:33:55 17:33:55 About ODC: https://dependency-check.github.io/DependencyCheck/general/internals.html 17:33:55 False Positives: https://dependency-check.github.io/DependencyCheck/general/suppression.html 17:33:55 17:33:55 17:33:55 [INFO] Analysis Started 17:33:55 [INFO] Finished File Name Analyzer (0 seconds) 17:33:55 [INFO] Finished Dependency Merging Analyzer (0 seconds) 17:33:55 [INFO] Finished Hint Analyzer (0 seconds) 17:33:55 [INFO] Finished Version Filter Analyzer (0 seconds) 17:33:56 [INFO] Created CPE Index (1 seconds) 17:33:56 [WARNING] Unable to parse the hosted suppressions data file, results may contain false positives already resolved by the DependencyCheck project 17:33:56 org.owasp.dependencycheck.xml.suppression.SuppressionParseException: org.xml.sax.SAXException: Line=3, Column=29: Element type "suppressions" must be followed by either attribute specifications, ">" or "/>". 17:33:56 at org.owasp.dependencycheck.xml.suppression.SuppressionParser.parseSuppressionRules (SuppressionParser.java:139) 17:33:56 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadCachedHostedSuppressionsRules (AbstractSuppressionAnalyzer.java:315) 17:33:56 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadHostedSuppressionBaseData (AbstractSuppressionAnalyzer.java:281) 17:33:56 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionBaseData (AbstractSuppressionAnalyzer.java:193) 17:33:56 at org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.prepareAnalyzer (AbstractSuppressionAnalyzer.java:104) 17:33:56 at org.owasp.dependencycheck.analyzer.CPEAnalyzer.prepareAnalyzer (CPEAnalyzer.java:194) 17:33:56 at org.owasp.dependencycheck.analyzer.AbstractAnalyzer.prepare (AbstractAnalyzer.java:102) 17:33:56 at org.owasp.dependencycheck.Engine.initializeAnalyzer (Engine.java:826) 17:33:56 at org.owasp.dependencycheck.Engine.analyzeDependencies (Engine.java:662) 17:33:56 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.runCheck (BaseDependencyCheckMojo.java:2069) 17:33:56 at org.owasp.dependencycheck.maven.BaseDependencyCheckMojo.execute (BaseDependencyCheckMojo.java:1267) 17:33:56 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) 17:33:56 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) 17:33:56 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) 17:33:56 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) 17:33:56 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) 17:33:56 at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) 17:33:56 at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) 17:33:56 at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) 17:33:56 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) 17:33:56 at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) 17:33:56 at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) 17:33:56 at org.apache.maven.cli.MavenCli.execute (MavenCli.java:957) 17:33:56 at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:289) 17:33:56 at org.apache.maven.cli.MavenCli.main (MavenCli.java:193) 17:33:56 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) 17:33:56 at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) 17:33:56 at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) 17:33:56 at java.lang.reflect.Method.invoke (Method.java:566) 17:33:56 at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) 17:33:56 at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) 17:33:56 at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) 17:33:56 at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)